Remind me why we're so mad at Netscape

Could someone please remind me what it is we're mad at Netscape about?
As far as I can tell it's some combination of the following offenses:

(a) Jim Clark made a speech in which he revealed that he thought the
government would be a player in determining the way cryptography ends
up being deployed on the Internet.  He was quoted in the trade press,
but it was unclear exactly which words were actually his.  Asked to
clarify, he said that Netscape would implement mandatory government
access across its product line only if required to by law, but he
observed that things seem to be moving in that direction.  I share his
pessimism, unfortunately, unless we find a way to shift the winds.

(b) Netscape contracted with the government to produce a ``Fortezza''
version of their browser for government use.  They negotiated to get a
lot of money for this (maybe something like $5 million).  Good for
them.  Personally, I *like* the Fortezza interface; the API seems to
provide a good abstraction for hardware and software crypto, it's easy
to replace the module with something else (like software 3DES with no
key escrow), and it's easy to defeat the key escrow features.  Of
course, maybe I'm just defending them out of guilty self-interest
here, since I've played around with the Fortezza interface quite a bit
myself, although they never sent me my $5 million.

(c) No one from Netscape attended the Bernstein hearing.  I wish someone
had let me know beforehand that that was to be the litmus test for the
right to claim cryptographic correctness, or I would have flown right
out.  I guess I blew it, too.

(d) Their stock price is very high, many times greater than their
profits and physical assets would seem to justify.  I'm not sure I
understand the implication here.  Maybe that this is proof that in
exchange for selling out (by committing sins (a), (b) and (c), above),
the secret NSA stock-price-manipulation cabal rigged the market to
overvalue their stock?  Wow.

Don't get me wrong here; it may be useful to make clear that the market
(to the extent that any of us can claim to represent any market they
would be interested in) won't tolerate vendors who put the government's
desires ahead of their customers' security needs.  But I have yet to
see any actual evidence that that's what's happened here, and I'd hate to
see Netscape lose a lot of good people who could go a long way toward
deploying real security on the net over something that turns out to have
been a false alarm.

Disclaimer: I'm employed full time by a soon-to-be-tri-vested major
player in the military industrial complex, and us sellouts like to
stick together.