From: Adam Shostack <adam@homeport.org>
To: Markus.Kuhn@cl.cam.ac.uk
Message Hash: 0fdbd62578cfae4ac2dd329766b9b8371de31cf72aaef7ce74e63738b7d1c11c
Message ID: <199801231938.OAA19072@homeport.org>
Reply To: <E0xvVff-0003c1-00@heaton.cl.cam.ac.uk>
UTC Datetime: 1998-01-23 19:49:40 UTC
Raw Date: Sat, 24 Jan 1998 03:49:40 +0800
From: Adam Shostack <adam@homeport.org>
Date: Sat, 24 Jan 1998 03:49:40 +0800
To: Markus.Kuhn@cl.cam.ac.uk
Subject: Re: Netscape 5 will be GPL'ed
In-Reply-To: <E0xvVff-0003c1-00@heaton.cl.cam.ac.uk>
Message-ID: <199801231938.OAA19072@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain
Markus Kuhn wrote:
| > NETSCAPE ANNOUNCES PLANS TO MAKE NEXT-GENERATION COMMUNICATOR SOURCE CODE
| > AVAILABLE FREE ON THE NET
|
| Excellent!
|
| Finally mainstream software companies start to understand that security
| critical software has to be provided to the customer in full compilable
| source code to allow independent security evaluation.
I'm not sure that this is the message they're sending at all.
They're trying to work the Linux/GNU model of getting a horde of
volunteer programmers to improve their product, and base other
products on it, because of the ease of integration. I don't know that
security was even on their minds.
| No formal CC/ITSEC evaluation process can beat the scrutiny of the
| Internet crowd. I wonder how long we have to wait for the day on which
Not that the internet crowd is such hot shit, either. The freely
usable FWTK contained a *really* easy to find replay attack for about
3 years, befire I pointed it out at the Crypto rump session.
(www.homeport.org/~adam/crypto97.html). Small code. Comments
pointing to problems. Security critical in some instances. 3 Years
to find.
Adam
| we can download the latest GPL'ed Windows NT version source code from
| Microsoft's web server ...
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
Return to January 1998
Return to ““William H. Geiger III” <whgiii@invweb.net>”