Trust (non-DB)

Steve Butler sbutler@fchn.com
Mon Nov 19 17:38:02 2001 

Ladies and Gentlemen:

I am presuming we have some of both here.  Although, from the thread of this
weekend I think the ranks of both have thinned <<grin>>.

Trust is a very nebulous thing.  It can be affected by rumor or by failure
to meet certain pre-conceived ideas.  It is much easier to lose trust than
to gain it.  Even the absence of trust-breaking activity may not be enough
to gain trust.

So, how does this apply to freedom, liberty, and the pursuit of secure
communication?  I am not a crypto expert.  There probably are very few
crypto experts among us here.  Those that are experts may prefer to remain
anonymous for obvious reasons.  Yet, since I am not such an expert, I have
to trust that the products I choose to use are worthy of my trust.  Having
the source code available to me does not enhance my ability to personally
verify its worthiness.  Therefore I do have to trust that a group of such
experts do exist and they have taken an interest in verifying that such
products are worthy of their trust.  

This can only happen when the source code is available on the open market.
Then the experts can render an opinion without exposing their identity or
being concerned that the source code was modified for their inspection.

So, now my trust is not placed in one individual, the author.  Instead, my
trust is placed in a larger group that includes experts who can verify the
proper operation of these programs.

Therefore, when some author decides that it is in their best interests to
withhold the source code, then I know that s/he is no longer interested in
my best interests.  We all know about the three great lies:
1.  The check is in the mail.
2.  I'm from corporate and I'm here to help you.
3.  Trust me, I know what is good for you.

Which would you rather trust?  A program with:
A.  Source code readily available and open to inspection.
B.  With-out source code and prohibition to reverse engineer.

Or, as my mother used to say, "The proof is in the pudding."



CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.