[p2p-hackers] OmilyX: Secure VoIP
Enzo Michelangeli
enzomich at gmail.com
Fri Feb 24 08:18:26 UTC 2006
----- Original Message -----
From: "coderman" <coderman at gmail.com>
To: "Peer-to-peer development." <p2p-hackers at zgp.org>
Sent: Friday, February 24, 2006 10:35 AM
Subject: Re: [p2p-hackers] OmilyX: Secure VoIP
> On 2/23/06, coderman <coderman at gmail.com> wrote:
> > [poor display of social communication skill]
>
> i apologize for the tone of this thread; this happens to be one of my
> hot buttons as too many people consider "adding encryption" the path
> to strong application security as this is really just presenting a
> false sense of it when the other requisite development and UI
> practices are ignored.
No, coderman, you were absolutely right, and I think that ruffling some
feathers every now and then is a minor sin, considering the damage that
misplaced trust in the security of a flawed application could make in some
cases. And to Alex: having the source code allows to build fresh binaries
and disregard the standard binary distribution. Granted, that's not by
itself sufficient to build trust in a complex application: undocumented
spaghetti code would be almost impossible to subject to proper analysis
and peer review. But the best design document is meaningless if you don't
know if the implementation really follows it.
Enzo
More information about the P2p-hackers
mailing list