Subject: Re: IP: Wal-Mart PC, Operating System *Not* Included: $399 (fwd)
To: David Laight <david@l8s.co.uk>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 02/26/2002 08:03:11

In message <20020226091914.C691@snowdrop.l8s.co.uk>, David Laight writes:
>>
>> Re-read my post: sometimes an open-source or openly-documented interface
>> is not preferable. Hell, sometimes, it's not even legal if you want
>> customers like the NSA, banks, or overseas governments to buy it.
>
>Eh? Do they still believe in security by obscurity?
>I guess it gives them a warm fuzzy feeling :-)

I can't speak for banks, but I'm quite certain that's not true for NSA
or (for the cases I'm familiar with) for overseas governments. Remember
that NSA released a security-enhanced version of Linux -- they have a
fair number of open source projects going on. The export issue used to
be because of the crypto export rules -- but these days, I believe it's
*easier* to export open source crypto code, since you can point to a
Web site somewhere as evidence that it's widely available.

--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com