Right, why not just distribute it to all users, and then exercise it against the target user? There is zero penalty if you're caught, you can just try again.
-
-
Replying to @taviso @alexstamos and
hm. Interesting argument. So basically you have to always maintain at least one bugdoor in your release version.
1 reply 0 retweets 0 likes -
Replying to @zooko @alexstamos and
You can also add a new one in a feature update or patch if you decide to become malicious later, or if your old one gets found. I don't really know of any way to defend against bugdoors, you have to trust your provider.
1 reply 0 retweets 3 likes -
Replying to @taviso @alexstamos and
This argument also means there's no difference with regard to this between a local app and a web app, right?
2 replies 0 retweets 0 likes -
Replying to @zooko @alexstamos and
In terms of whether the crypto can be trusted? I don't think so. Ryan disagrees though, IIUC, he points out that if a compromised (but not malicious) vendor has separate code signing infrastructure, the attacker might not be able to get a modified build signed.
1 reply 0 retweets 3 likes -
If the vendor *is* trying to insert a backdoor, then there's no difference because of bugdoors.
1 reply 0 retweets 2 likes -
Replying to @taviso @alexstamos and
FWIW, I think it matters, the difference between a vendor being forced to commit to a permanent, public record versus not having to do so.
1 reply 0 retweets 0 likes -
Replying to @zooko @alexstamos and
That's why you use a bugdoor, not a backdoor. If you get caught, you just say "oops", and nobody cares.
1 reply 0 retweets 0 likes -
Replying to @taviso @alexstamos and
I understand the importance of the fact that bugdoors are deniable, but I still think the difference matters.
1 reply 0 retweets 0 likes -
... because I don't think people being able to positively identify intentional backdoors is the only thing that matters here.
1 reply 0 retweets 0 likes
Can you give me an example?
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.