Anna F J Morris anna.morris@fsfe.org wrote:
Hi, fair enough, I have similar feeling oft myself. That said, it means you will be doing the workshop for the "linux" peeps there, like myself, who are more likely to be the people running the other workshops. I guess we will need to see how the numbers stack up.
In general, I really want to make sure that if we teach a skill, we teach is to every one possible, and on a practical level too, whatever device or software they are using :)
The software is integral, especially if you're trying to market the event off the back of state spying.
It has been suspected in the past that Microsoft introduced or allowed to be introduced backdoors into their operating system. It is also suspected that popular commercial (and proprietary) cryptography software is similarly afflicted.
I can't say anything for members of state organisations--GHCQ and the NSA both employ a fair number of very intelligent people, enough that internal review may be sufficient. In the civilian world, no cryptographer trusts a cryptosystem that is not open and has been subject to peer review and withstood cryptanalysis for some time. A closed cryptosystem is simply out of the question.
This includes the software used to operate it, and so at the very least the ability to examine the source code is a necessity to have any assurance that you have a reasonable level of security. If all of the system cannot be reviewed by many others you place your trust in a small number of entities who may be coerced by the state. You might have perfect cryptography but the another part of the system could be giving away your secret keys, undermining the whole effort.
Simon