[tor-talk] "Safeplug"
Gibson, Aaron
aagbsn at extc.org
Mon Nov 25 13:25:37 UTC 2013
On 2013-11-23 19:38, Philipp Winter wrote:
> On Sat, Nov 23, 2013 at 02:22:48PM +0000, Mark McCarron wrote:
>> How about a certification program? A company can donate some
>> funds to have their product evaluated and if successful gain
>> "TOR Certified" status. It would stop all this nonsense and
>> provide everyone the opportunity to request specific features
>> or amendments to designs.
>
> I would imagine such a certificate to be quite misleading. Even
> professional code audits never catch all bugs. So it would only
> be a matter of time until one of these "Tor certified" products
> would fail horribly which would then provoke reactions along the
> lines of "but... it was certified?".
>
> Also, audits are one time snapshots. The very first commit
> after the certification process might already introduce new
> bugs.
>
> Cheers,
> Philipp
On the other hand, any Tor-Related hardware is of interest the wider
community, and many on these lists would be happy to
receive/evaluate/give feedback, on both actual physical hardware as well
as proposed designs. Ideally, companies interested in producing safeplug
like devices would come to the tor-* mailing lists in search of advice,
feedback, review of proposed designs, and potential hires/developers.
Take note, because we all want to see more Tor in the world!
--Aaron
More information about the tor-talk
mailing list