[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape gives in to key escrow



>And thus we return to my original point, which is that it will depend on
>what is said/disclosed.  If every copy of GAKscape had a banner, bigger
>than the Netscape "N" which said, "The government can read every message
>you send using this software no matter what you do" then I think
>consumers will be hard pressed to say they weren't warned.

I don't mean to be inflamatory, but it isn't much of a point. They aren't
going to put such a banner up because that would limit their business. The
goal of Netscape (though I don't single them out), any corporation that would
profit from business of those who seek encryption while still allowing GAK,
and the government, is to limit the public's awareness of the size of the
hole. If they let people know the extent of the hole, then they'll use
products w/out it which blows profits from companies involved, and doesn't
benefit the government who want it in common use.

>I disagree.  Almost nobody read the fine print on the back of a note you
>sign when you buy a car or otherwise take out a loan, but the provisions
>are generally enforceable ...  Ignorance is not necessarily an excuse.

The question is whether there was false representation of the security of
the product.
1. The general knowledge of encryption and secure electronic financial
transactions is significantly lower than that of more standard
transactions.

2. Applying for a loan or buying a car involve actively going out, negotiating,
signing contracts, etc. It will be much simpler to simply stick your vital
info into a 'secure' browser.

3. The choice of browser to use will be done, based on representations by
companies about the security of their product. If Netscape doesn't
explicitly
state in direct terms when accessing the browser that the GAK is a
potential security risk, then they will be sued. Simply because someone
will get blamed.

Since they (or again any company that incorporates GAK.. I really don't
want to target Netscape in specific) will make the threat sound as
insignificant as possible, and not bring it to people's attention (and they
can't afford to do so) when (not if) it is breached they will be taken to
court repeatedly.

>
>EBD

Jonathan

------------------------------------------------------------------------
..Jonathan Zamick                    Consensus Development Corporation..
..<[email protected]>                      1563 Solano Ave, #355..
..                                             Berkeley, CA 94707-2116..
..                                        o510/559-1500  f510/559-1505..
..Mosaic/WWW Home Page:                                               ..
..  <A HREF="http://www.consensus.com/">Consensus Home Page</A>       ..