Why "carnivore" type systems can't be (entirely) open source
Brian Gladman
Brian Gladman" <brg at gladman.plus.com
Thu, 1 Feb 2001 01:08:30 -0000
----- Original Message -----
From: "Owen Lewis" <oml@eloka.demon.co.uk>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Tuesday, January 30, 2001 9:44 PM
Subject: Re: Why "carnivore" type systems can't be (entirely) open source
>
> ----- Original Message -----
> From: "David Hansen" <davidh@spidacom.co.uk>
> To: <ukcrypto@chiark.greenend.org.uk>
> Sent: 31 January 2001 20:35
> Subject: Re: Why "carnivore" type systems can't be (entirely) open source
>
>
> > > That obscurity has no part to play in good security is, really, too
> > > simple an approach.
> >
> > Agreed, but it was never a black or white discussion.
>
> That's about encompasses the length and breadth of my point. For some STO
is
> anathema.
Which is precisely how we should treat STO in respect of systems design.
STO does have a role in operational security matters but it is, without
exception, a completely bad principle for anyone who wishes to protect their
own security using products supplied by others.
It is especially amusing to note that those organisations who are strong
advocates of such approaches are precisely those organisations who would
never under any circumstances rely on a product for their own use where its
design was in any way obscure at even the minutest level of detail.
The practical reality of cryptography and information security is that
design obscurity is overwhelmingly more likely to be a cover for inadvertant
or deliberate insecurity than it will ever be a provider of security.
Brian