[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

The Good Doctor (Dobb that is) on DSNT



The January 1997 Dr. Dobb's Journal has a somewhat interesting interview with Eva Bozoki, Chief Scientist for Digital Secured Networks which more about scientific research in the old USSR as it does about VPN's and encryption. Some notable quotes from Ms. Bozoki:

"If people understand our competence, they will trust the product."

"I don't like key escrow because I don't trust anybody."

"We add a twist by encrypting the public key exchange."

Seems like the interviewer had a nice chat with Ms. Bozoki but it is a shame that he did not press her on more technical details. It is after all a programmer's journal. I find the first two quotes interesting in that it would appear that Ms. Bozoki would not purchase the product she is creating! In order to establish trust in an encryption product more is required than simply agreeing that the company is competent. Competence does not imply trustworthiness. Trust can be established through review and examination of the innards, algo's and source code. A quick read of www.dsnt.com does not reveal any additional information on the crypto used (other than it being a 512 byte public key algo using Diffie-Hellman key exchange). Yet it would seem that DSNT has painted themselves into a corner as revealing their architecture would make encrypting the public keys ineffective.

The interviewer also failed to press Ms. Bozoki for a position regarding key escrow. She states that she does not like key escrow but she does say (when discussing how security is being retrofitted into TCP/IP) "So you have to make sure that certain secrets don't go out and that you can legally wiretap certain conversations in a situation which wasn't designed for that." And also she mentions "the need for a government to defend its country". So does DSNT's products support wiretapping out of the box? 


--j
-----------------------------------
| John Fricker ([email protected])
| -random notes-
| My PGP public key is available by sending me mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------