SafeBoot Simon wrote:


> so what is your point? are you saying that FIPS, BITS, CC, NIST etc
> source code reviews are not acceptable?


BITS, CC and NIST don't require any source code review, only documentation
review and testing that the implementation actually belongs to the
documentation. FIPS auditing doesn't disclose any evaluation results.

> if public review as so good, then govenments would insist on open source.


Nonsense.

> They don't though, they insist on professionaly reviewed source.


So the AES competition was just an illusion?

> PGP was open source for years before a "public" reviewer found a
> glaring implementation error...


Your point being? Would it be closed source, the public might have never got
known about this. He could have just kept it secret, as a backdoor for some
intelligence service.


BTW, why exactly should I presume that you, who is obviously abusing a .NET
infected MSIE as a webbrowser, had any clue about security?