identity.function at gmail.com
Mon Nov 25 13:42:51 UTC 2013
On Mon, Nov 25, 2013 at 01:25:37PM +0000, Gibson, Aaron wrote:
> On 2013-11-23 19:38, Philipp Winter wrote:
> >On Sat, Nov 23, 2013 at 02:22:48PM +0000, Mark McCarron wrote:
> >>How about a certification program? A company can donate some
> >>funds to have their product evaluated and if successful gain
> >>"TOR Certified" status. It would stop all this nonsense and
> >>provide everyone the opportunity to request specific features
> >>or amendments to designs.
> >I would imagine such a certificate to be quite misleading. Even
> >professional code audits never catch all bugs. So it would only
> >be a matter of time until one of these "Tor certified" products
> >would fail horribly which would then provoke reactions along the
> >lines of "but... it was certified?".
> >Also, audits are one time snapshots. The very first commit
> >after the certification process might already introduce new
> On the other hand, any Tor-Related hardware is of interest the wider
> community, and many on these lists would be happy to
> receive/evaluate/give feedback, on both actual physical hardware as
> well as proposed designs.
Sure, fully agreed. I just don't think that a certification
process is the right way towards that goal.
More information about the tor-talk