[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: properties of FV
From: Nathaniel Borenstein <[email protected]>
The work involved in adding optional cryptography is much more than you
might think, particularly because of our internal security architecture.
Basically, without going into a lot of details, the FV crypto-engine
would have to live on the non-Internet machines that are not in our
direct control, and this would enormously complicate the limited
(batch!) communication we facilitate between the Internet and
non-Internet machines.
The perceived need for crypto "below the line" comes from the
viewpoint that the system needs to be completely secure because crypto
failures must be prevented at all cost. Rubbish. The subsequent
claim that you couldn't possibly put crypto on the Unix boxes which
are in your control is therefore also bogus.
Let's assume that FV were to have a customer agreement that did not
contain an implied warrantee of identity for a digital signature.
Therefore if the crypto gets hacked it's just as if the email system
gets hacked. Therefore keeping public keys (we're not talking about
FV actually signing anything) above the line on a Unix box is no
different than trusting the mailer on that same Unix box.
I really don't believe FV would have to put crypto on EDS equipment.
The crypto option is one we're very interested in adding
eventually, but at this point it would be a major strain on our
resources.
I think you are far overestimating what it would take.
Moreover, frankly, if we did it, that would only serve to
mix our message in many peoples' perception. It's hard enough
explaining to reporters that "we've discovered that crypto isn't needed
for commerce." Their chance of understanding our message would NOT be
enhanced if we then added "but we're providing crypto as an option
anyway."
The message that it's "not necessary for commerce" is reactionary to
the assertation that it is necessary. By positioning FV in an
adversarial role with respect to cryptography, you'll have the same
problem no matter when you introduce crypto. I personally think
you'll have a harder time changing your position later, after more
people have been exposed to FV's current position.
A much better public position is that "you can do commerce with or
without crypto", which asserts independence rather than negation.
These two public positions are _not_ identical; they are similar, but
don't be fooled by some positivist notion of denotation into thinking
that they're the same.
Eric