On 01/09/2014 05:28 PM, John R Pierce wrote: > On 1/9/2014 2:20 PM, Eero Volotinen wrote: >> It might be easier to compromise security of commercial products as source >> code is not available. > they seem to have succeeded in compromising STANDARDS and ALGORITHMS, to > heck with implementations. Only algorithm they compromised was an RNG that got pretty strong thumbs down from the real cryptographers. They have not compromised any IETF standard; maybe kept quite about a problem, but have not put holes in any. Most of our problems with TLS is implementations and backwards compatiblity options.