
Is that possible? Every system we use has to be trusted at some point. I don't trust the internet, so I use HTTPS, but that is only really saying that I trust the IETF or my certificate provider, and I (personally) have no realistic way of knowing whether either is trustworthy.

Did the IETF miss a vulnerability when they invented the protocol? Was there someone on the team planted by the NSA? Do the cert authorities provide the means to hack my data in some way?

I don't think they do, but that is because I trust them that I don't think it would be in their interest to do this, and I think that if the IETF messed with the protocol, someone would have noticed, but we have seen OpenSSL bugs that have sat there for years because it was too complex for most people to understand.

It just sounds like turtles all the way down because ultimately you have to trust someone or something even if it is just time and experience.




Reducing the number of places where you have to trust, and then demanding more transparency from those places, helps create a society where less trust is needed, and fraud has fewer options.




