
We're all aware that providers can be compelled legally to backdoor aggregation points (i.e. central servers), but could they be forced to put backdoors in their client software too? What about a letter or court order compelling them to re-engineer their software to either remove strong cryptography or force all traffic through a central point, thereby killing their business?


Why not? And why stop there? Why can't providers be compelled to break into people's houses or perform assassinations?


Yes, I think the only way to solve that problem is that the providers fully open source their client code and that the client code is built and proofed by the users.

Still, an example where such open source existed and still the result was completely broken crypto for two years is http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166

Good security is damn hard.



