[83528] in North American Network Operators' Group
Re: India cites security concerns, blocks Huawei bid to expand their indian ops
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed Aug 17 21:58:10 2005
To: Jim Popovitch <jimpop@yahoo.com>
Cc: deepak@ai.net, Alexander Bochmann <ab@lists.gxis.de>,
"'NANOG'" <nanog@merit.edu>
In-Reply-To: Your message of "Wed, 17 Aug 2005 18:14:15 EDT."
<1124316855.13411.6.camel@localhost>
From: Valdis.Kletnieks@vt.edu
Date: Wed, 17 Aug 2005 21:55:49 -0400
Errors-To: owner-nanog@merit.edu
--==_Exmh_1124330148_3161P
Content-Type: text/plain; charset=us-ascii
> Requesting the source code and/or having access to it is really
> meaningless unless you have the skill and capabilities to compile it
> *and* use it. There is no sure way to know that the source code in your
> left hand is what was used to compile the binary in your right hand.
Even if you compile your left hand into your right hand. See Ken Thompson's
"Reflections On Trusting Trust" (http://www.acm.org/classics/sep95/). To
complete the references, Reference 4 ("An unknown Air Force document") is
Karger & Schell's paper on a Multics pen-test, which is available at
http://www.acsac.org/2002/papers/classic-multics-orig.pdf
Karger and Schell did a "30 years later" retrospective, also available at
http://www.acsac.org/2002/papers/classic-multics.pdf
Between the India/Huawei thing and the MS05-039 mess, this is a good time for
everybody who hasn't read all 3 of them to read them - under 40 pages for all 3,
and the 24 pages of the first Karger&Schell you can probably skim.....)
--==_Exmh_1124330148_3161P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFDA+qkcC3lWbTT17ARArcrAJ40Y0ooRF93bHMpbPPbfyK74z1DUACg9G4z
ey/N009OSEbf58tzmudknDI=
=NQLB
-----END PGP SIGNATURE-----
--==_Exmh_1124330148_3161P--
