[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: BofA+Netscape
Adam Shostack wrote:
> It my personal feeling that Netscape doesn't have the right
> talent mix to develop secure software. For example, they may well get
> the RSA parts right, and then store the passphrase in a text file,
> 'for ease of use.' The RSA is secure, but the system is not secure if
> usnauthorized people using your machine is a possibility.
>
> Writing secure software is a difficult and tricky buisness
> that requires a lot of effort; early versions of Mosaic had problems.
Netscape is seeking people to write this stuff, as we heard at the
last Cypherpunks meeting. So, this is the chance for Cyppherpunks to
see it done right.
I will speculate that Netscape, being a _very_ high-visibility
company, is in contact with the folks at RSA Data Security about this,
perhaps even using them to do the integration. (Recall that Bidzos is
involved in a couple of efforts along these lines.)
This doesn't mean they'll do it right, natch, but it gives us hope
that the crypto protocols will at least be well-handled.
(Ultra-speculative scenario: If I were the NSA/FBI/COMINT
establishment, anxious to ensure "escrowed access," Netscape is
something I'd be looking at. Ultra-speculatively, we should be on the
lookout for any evidence that Netscape will be deploying any kind of
"software key escrow" scheme, e.g., any links to the TIS proposals, to
Denning, etc. "GAKscape"?)
--Tim May
--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: [email protected] with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay