[kaeporan]

Why isn't Moxie replying? Publishing an audit, with or without vulnerabilities, surely is beneficial to TextSecure. I don't understand their reticence to publish audits. We know OTF has commissioned at least two audits for them, but not a word has been heard about them.

In fact, OTF has actually complained about their projects choosing not to publish audits: https://www.opentechfund.org/article/bringing-openness-secur...

[tptacek]

This is the sixth time you've "asked" in this thread about TextSecure's audit. Cryptocat has literally never implemented a crypto feature of any sort, from random number generation all the way through user authentication, without some terrible vulnerability. TextSecure, on the other hand, is the subject of a total of zero published crypto vulnerabilities.

Whatever Moxie's reasons for not having published their audit, I'm sure they're valid. Either way, no amount of innuendo about TextSecure is going to change the ground truth about your own project.

There might be no person on the Internet more poorly positioned to cast aspersions on other people's projects than you. Please stop.

[kaeporan]

To be clear, I'm not trying to cast aspersions. As I've already stated, TextSecure is a great project that I strongly recommend.

I'm trying to have a serious discussion regarding transparency of audits. I feel your reaction is overly aggressive and not genuinely constructive.