[ke88y]

At the very least, one would hope that credentials and perhaps also certain design documents such as threat models aren't public.

There may also be implementation details or code which are subject to NDA, either from the Fed itself or from service providers such as IBM in this case. Sometimes you can get that info from a FOIA request, but that doesn't negate the fact that the employees working on the system are bound by an NDA. The FOIA has to happen and run its course.

[rkagerer]

certain design documents such as threat models aren't public

That smells like security through obscurity (which admittedly is the status quo in the banking world).

Contrasted to approaches like Bitcoin, for which full code and whitepaper are public, and which has managed to survive every attack vector thrown at it for the last decade and a half. Not arguing for Bitcoin as money here, just highlighting the diverse approaches to security and that it shouldn't be taken as a given that hiding those details makes it more secure.

[gavinsyancey]

Fraud detection heuristics, at least, fundamentally have to rely on security through obscurity. If fraudsters know exactly what is detected as fraud, they can avoid detection.

Bitcoin gets around this by having absolutely no fraud prevention, and just saying "lol sucks for you should've been more careful"...

[DANmode]

There is fraud prevention (yes, you being careful, and more importantly, only doing transactions with parties you trust to reverse in the event of a mistake), you've just been accustomed to outsourcing this to a third party for some expected added value.

[nerevarthelame]

Using that ridiculous definition, there is no conceivable method of transaction that DOESN'T have fraud protections in place, which makes it a meaningless distinction. When people say that a system has fraud prevention methods, they obviously mean something on top of some vague notion that people shouldn't send money to people they don't trust.

[psd1]

I can't agree that Bitcoin has survived every attack vector, given the animosity over the BTC fork.

[ke88y]

LOL what? Keeping private keys private is not "security through obscurity". Or if it is then basically all security is security through obscurity.

No one is posting their private keys on github, and when they do their crypto goes poof nearly instantly. None of the exchanges publish their threat model documents. I sure as shit don't tell people where I store my private keys.

The bitcoin whitepaper and code are more analogous to the ISO standard, which is public.

[everfree]

I must have missed something. Wasn't the person you replied to talking about design documents? I don't think they suggested credentials like private keys should be public.

[patmorgan23]

Non-sequitur. OP never said anything about posting private keys publicly.

They did talk about having the entire system's source code/design publicly available.

[CobrastanJorji]

I'm not sure "don't give out the private keys" is the sort of thing that needs a special contractual agreement.

[jacobr1]

That is exactly that kind of thing that needs to be in a contract. When someone inevitably shares private keys and it results in some kind of financial loss ... who is responsible for the damages? Contracts codify the liability if it isn't otherwise defined by statute.

[seany]

> threat models

This is exactly the thing you _shouldn't_ put under NDA. What on earth?

[mistrial9]

guess -- knowing the currently discussed threat models is a competitive advantage for the dozen fintech security firms that are in on this, and a "moat" against the other four hundred fintech security firms that are frantically trying to find a way to get inside this obviously well-funded Big Gov project.

[astrange]

The Federal Reserve is self funded.

[georgeplusplus]

"self funded"

From who does it earn the money to self fund itself? It certainly isnt the commercial banks.

[astrange]

Yeah it is.

[astrange]

https://www.federalreserve.gov/faqs/about_12799.htm

[throwawayForMe2]

After 9/11 everyone in the Fed working on the payments systems had to get National Security Clearance. These systems are considered critical national infrastructure. Exposing the source code will get you jail time.