[tga_d]

You're being unfair and you know it. Lavabit, the RSA fiasco, Apple's imessage crypto, etc. are all perfectly mainstream examples of closed-source crypto done wrong. As you said yourself, the only thing that conclusively makes a difference is if the crypto is "well vetted," having the source available is simply a means of making this easier. Classifying the quality of crypto-implementations based on the source model alone ("The track record of open source cryptography is bad.")is just disingenuous.

[tptacek]

No, I'm not being unfair. I don't think "open source" versus "closed source" has much at all to do with how secure a cryptosystem is. I do think having Trevor Perrin and Moxie Marlinspike working on your crypto design has a lot to do with how secure a cryptosystem is.

[tga_d]

Yes, you are being unfair. You can't say I don't think "open source" versus "closed source" has much at all to do with how secure a cryptosystem is (somewhat agreed) while simultaneously saying The track record of open source cryptography is bad (utter nonsense and misleading), unless your point is that closed source cryptography has an equally bad record.