LWN.net Logo

Looks like speculation

Posted Apr 9, 2008 14:14 UTC (Wed) by nix (subscriber, #2304)
In reply to: Looks like speculation by nix
Parent article: Freezing More Than Bits: Chilling Effects of the OLPC XO Security Model

Also, note that once specs are submitted to a recognized standards body, it's because they're
*done* and hardly expected to change anymore. I've got a word for a spec like that, which you
can't change. It's 'closed'.


Looks like speculation

Posted Apr 9, 2008 14:56 UTC (Wed) by rfunk (subscriber, #4054)

That's not true at all.  Open standards get revised all the time.  For 
example, the standard for Internet email, RFC 822, was later revised, with 
the revision becoming RFC 2822.  And that's just one that hasn't changed 
very much.

The openness of a standard is about how free people are to implement it, 
not about how easy it is to change.

Looks like speculation

Posted Apr 9, 2008 14:59 UTC (Wed) by rfunk (subscriber, #4054)

Er, I should also note (before someone else does), that not all RFCs are 
officially considered standards, and that when they are considered 
official Internet standards they get STD numbers that few people actually 
bother to remember (since they've already been busy implementing the RFC).

Looks like speculation

Posted Apr 9, 2008 16:24 UTC (Wed) by nix (subscriber, #2304)

Yeah, but you don't generally submit something as an RFC while it's still under heavy change:
they go through draft processes first. Under the definition of 'open' used in this document,
that wouldn't be open yet because the standards body hadn't accepted it!

(And submitting something to a standards body is neither necessary nor sufficient nor anything
more than indicative that people are free to implement it: notably, you can have things which
people are free to implement which are not standards, perhaps because all the code is freely
available. You can also have things which are standards which are in practice unimplementable
in full, perhaps because they're huge and somewhat ambiguous like CORBA or C++, or because
they're just too limited to be useful, like the earlier SQL standards.)

Looks like speculation

Posted Apr 11, 2008 13:36 UTC (Fri) by DanWeinreb (subscriber, #51526)

When we are talking about security, and saying that it's important for security software to be
"open", what we mean by "open" in this context is that anybody should be able to see how it
works.  You want it to be inspected by experts.  Most important, you want to avoid "security
by obscurity", which experience has shown is a bad principle.

So whether it is standardized by a standards body has absolutely nothing to do with the case.
If a new version comes out, of course that needs to be re-examined and re-audited.  And if no
finalized version has come out yet, that just means that it's not time yet for final auditing,
but it's a great time for the public to point out flaws and suggest improvements.

Some of the papers on Bitfrost are written as if Bitfrost were completely specified,
implemented, in use, and so on.  If so, then someone has grounds for complaint.  But they
should carefully complain about just that, NOT that it's "not open".

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds