[tor-talk] "Safeplug"

Philipp Winter identity.function at gmail.com
Mon Nov 25 13:42:51 UTC 2013

On Mon, Nov 25, 2013 at 01:25:37PM +0000, Gibson, Aaron wrote:
> On 2013-11-23 19:38, Philipp Winter wrote:
> >On Sat, Nov 23, 2013 at 02:22:48PM +0000, Mark McCarron wrote:
> >>How about a certification program?  A company can donate some
> >>funds to have their product evaluated and if successful gain
> >>"TOR Certified" status.  It would stop all this nonsense and
> >>provide everyone the opportunity to request specific features
> >>or amendments to designs.
> >
> >I would imagine such a certificate to be quite misleading.  Even
> >professional code audits never catch all bugs.  So it would only
> >be a matter of time until one of these "Tor certified" products
> >would fail horribly which would then provoke reactions along the
> >lines of "but... it was certified?".
> >
> >Also, audits are one time snapshots.  The very first commit
> >after the certification process might already introduce new
> >bugs.
> On the other hand, any Tor-Related hardware is of interest the wider
> community, and many on these lists would be happy to
> receive/evaluate/give feedback, on both actual physical hardware as
> well as proposed designs.

Sure, fully agreed.  I just don't think that a certification
process is the right way towards that goal.

More information about the tor-talk mailing list