[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Netscape and NSA
Rishab Aiyer Ghosh wrote:
>
> Any special reason why Netscape is working with
> the NSA to support their Fortezza encryption card?
>
> ObConspiracyTheory: Hmmmmm....
>
> Nice government-friendly Jim Clark quote, with the rest of the story
> http://www-e1c.gnn.com/gnn/wr/96/01/12/features/nsa/index.html
Here is another quote for you:
"Netscape will fight in all forums for totally private
encryption." -- Jim Barksdale Netscape CEO
One particularly interesting paragraph from the GNN article is:
"One senior Federal Government source has reported that
NSA has been particularly successful in convincing
key members of the US software industry to cooperate
with it in producing software that makes Internet
messages easier for NSA to intercept, and if they are
encrypted, to decode," Madsen wrote. "A
knowledgeable government source claims that the NSA
has concluded agreements with Microsoft, Lotus and
Netscape to permit the introduction of the means to
prevent the anonymity of Internet electronic mail, the use
of cryptographic key-escrow, as well as software industry
acceptance of the NSA-developed Digital Signature Standard (DSS)."
I believe that the reference to Netscape in this paragraph is
a distortion of our agreement with the NSA. They agreed to
buy some of our current products, which they paid for, and to
buy products in the future that support Fortezza. Given the
large number of organizations within the government that are
standardizing on fortezza, our motivation for producing such
a product should be obvious. I think in the end the non-NSA
purchases of Fortezza based products within the government
will be much larger than what the NSA buys.
Once we have implemented Fortezza we would like to add support
for many alternative crypto cards that are not GAK'd and are more
apropriate for commercial or personal use. We will also continue
to offer software encryption.
Management here has never asked me not to implement anonymity
enhancing features. They have not asked me to implement DSS.
They have not asked me to implement GAK. Management has
let me hold up a release to fix a bug that was causing a
user's identity to be accessible from a server. We have
awarded several bugs bounty prizes to people who found
bugs related to privacy.
I understand that in his keynote speach at the RSA Security
Conference Jim Barksdale repeated our strong opposition to
GAK. Perhaps someone who attended could provide more details.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.