From owner-freebsd-questions@FreeBSD.ORG Mon Sep 23 20:29:49 2013
To: freebsd-questions@freebsd.org
From: Michael Powell
Subject: Re: [FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days!
Followup-To: gmane.os.freebsd.questions
Date: Mon, 23 Sep 2013 16:29:27 -0400
References: <201309231851.MAA14047@mail.lariat.net>
Reply-To: nightrecon@hotmail.com

Brett Glass wrote:

> All:
>
> It's good to see corporate support of BSD, but at the same time I
> have mixed feelings about certain corporations -- Verisign among
> them -- hosting BSD-related conferences or becoming involved in the
> development of BSD-based operating systems. Why? Because Verisign,
> based in Reston, Virginia (the city next door to Vienna, VA, home
> of the NSA), has strong ties to this shadowy agency.

No. I used to work right down the street from Network Solutions (now known as Verisign) in Herndon. Indeed, I had job offerings from them but felt I was better off to stay where I was. The NSA is headquartered at Ft Meade, near Columbia in Maryland. I worked there for 8 years? The CIA headquarters is in McLean, Virginia, which is right next door to Vienna. Reston/Herndon is a few miles down the Dulles Toll Rd to the west. I've been to all these places, so this is not some MapQuest google for me.

> The NSA, in
> turn -- as reported in documents recently leaked by Edward Snowden
> -- has a very strong interest in weakening the security of
> cryptographic algorithms, cryptographic software, and operating
> systems. We may want to look this gift horse very carefully in the
> mouth, or at least monitor very closely "contributions" of code
> that might introduce backdoors or weaknesses.

On some level I agree with this - to a point.
Examine how the NSA maneuvered the NIST to approve and mandate the FIPS-140 protocols, where deeply concealed was a known weak prng. To some of us this is not news - we've known it for a long time. Arguments of pro vs con, good vs evil, ad infinitum ad nauseam, etc, are better served in a different venue.

It is so much easier to get away with concealing such things inside the closed-source paradigm. What I like and admire with open source is the code is out there in public for all to examine. These truly arcane crypto stuffs operate at such a high level of mathematical complexity that even very highly skilled cryptographer/mathematicians argue amongst themselves. I am just not that smart, or that highly educated. There are some in the open source community who do have very large propellers on their beanie caps. I defer to them simply because they are smarter than me. I would trust them long before I would trust closed source.

I agree about the 'looking the gift horse in the mouth' concept. Bear in mind, however, some of the guys at NIST are pretty smart too. And yet this FIPS-140/prng stuff went right by them. My suggestion is for FreeBSD (indeed open source in general) to try and engage, include, and attract to the community the kinds of elite mathematician who may have the facilities to examine the code at a higher level than can dummies like me.

Whenever The Citadel wants the public to fixate on any one particular brouhaha I know they are trying to get everyone looking in a particular direction whilst they are pulling something else. Verisign may very well have some other obfuscated agenda. Take a step backwards and try to obtain some view of the bigger picture (hint). Will not elaborate here, even though I do have some crackpot ideas.

I find it highly ironic:

http://en.wikipedia.org/wiki/Snowden_%28character%29#Snowden

I got no end of amusement from this.

Just my $ 0.02.

-Mike