[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] "Safeplug"



On 2013-11-23 19:38, Philipp Winter wrote:
On Sat, Nov 23, 2013 at 02:22:48PM +0000, Mark McCarron wrote:
How about a certification program?  A company can donate some
funds to have their product evaluated and if successful gain
"TOR Certified" status.  It would stop all this nonsense and
provide everyone the opportunity to request specific features
or amendments to designs.

I would imagine such a certificate to be quite misleading.  Even
professional code audits never catch all bugs.  So it would only
be a matter of time until one of these "Tor certified" products
would fail horribly which would then provoke reactions along the
lines of "but... it was certified?".

Also, audits are one time snapshots.  The very first commit
after the certification process might already introduce new
bugs.

Cheers,
Philipp

On the other hand, any Tor-Related hardware is of interest the wider community, and many on these lists would be happy to receive/evaluate/give feedback, on both actual physical hardware as well as proposed designs. Ideally, companies interested in producing safeplug like devices would come to the tor-* mailing lists in search of advice, feedback, review of proposed designs, and potential hires/developers.

Take note, because we all want to see more Tor in the world!

--Aaron
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk