
Re: properties of FV



   From: Nathaniel Borenstein <[email protected]>

   The work involved in adding optional cryptography is much more than you
   might think, particularly because of our internal security architecture.
   Basically, without going into a lot of details, the FV crypto-engine
   would have to live on the non-Internet machines that are not in our
   direct control, and this would enormously complicate the limited
   (batch!) communication we facilitate between the Internet and
   non-Internet machines.

The perceived need for crypto "below the line" comes from the
viewpoint that the system needs to be completely secure because crypto
failures must be prevented at all cost.  Rubbish.  The subsequent
claim that you couldn't possibly put crypto on the Unix boxes which
are in your control is therefore also bogus.

Let's assume that FV were to have a customer agreement that did not
contain an implied warranty of identity for a digital signature.
Therefore if the crypto gets hacked it's just as if the email system
gets hacked.  Therefore keeping public keys (we're not talking about
FV actually signing anything) above the line on a Unix box is no
different than trusting the mailer on that same Unix box.

I really don't believe FV would have to put crypto on EDS equipment.

   The crypto option is one we're very interested in adding
   eventually, but at this point it would be a major strain on our
   resources.

I think you are far overestimating what it would take.

   Moreover, frankly, if we did it, that would only serve to
   mix our message in many people's perception.  It's hard enough
   explaining to reporters that "we've discovered that crypto isn't needed
   for commerce."  Their chance of understanding our message would NOT be
   enhanced if we then added "but we're providing crypto as an option
   anyway."

The message that it's "not necessary for commerce" is reactionary to
the assertion that it is necessary.  By positioning FV in an
adversarial role with respect to cryptography, you'll have the same
problem no matter when you introduce crypto.  I personally think
you'll have a harder time changing your position later, after more
people have been exposed to FV's current position.

A much better public position is that "you can do commerce with or
without crypto", which asserts independence rather than negation.
These two public positions are _not_ identical; they are similar, but
don't be fooled by some positivist notion of denotation into thinking
that they're the same.

Eric