Re: Lost Trust
Anthony DeRobertis wrote:
> On Jun 2, 2004, at 03:05, Bernhard R. Link wrote:
>> * Brian Nelson <firstname.lastname@example.org> [040602 01:54]:
>>> Also, vendors in the USA may be required by law to not release the
>>> source in order to comply with FCC regulations.
>> Has anyone any source or quote for this?
> Look at Section C of that order. It doesn't actually say you can't
> release the source; it just says things like:
> Accordingly, we are adopting the proposal in the Notice
> that manufacturers must take steps to prevent unauthorized
> software changes to a software defined radio. The precise
> methods of ensuring the integrity of the software in a radio
> will be left to the manufacturer, and the manufacturer must
> document the methods in the application for equipment
> Also, B(1) about Class III changes is relevant.
> Other sections say things like:
> We are requiring manufacturers to take steps to ensure that
> only software that has been approved by the FCC or a TCB can
> be loaded into a transmitter. The software must not allow the
> user to operate the transmitter with frequencies, output power,
> modulation types or other parameters outside of those that were
> approved. Manufacturers may use authentication codes or any
> other means to meet these requirements, and must describe the
> methods in their application for equipment authorization.
Since keeping the source secret doesn't actually help with any of this
(security through obscurity has been debunked), this really has nothing to
do with "not releasing the source".
It does seem to mandate some kind of key-encryption scheme in the hardware.
There are none so blind as those who will not see.