[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Why put up with KRAP?

To: [email protected] (Cypherpunks Mailing List)
Subject: Why put up with KRAP?
From: Adam Shostack <[email protected]>
Date: Tue, 9 Dec 1997 03:15:50 -0500 (EST)
Sender: [email protected]



Why put up with KRAP?

>[Network Associates] believes that although the Key Recovery Alliance
>is not in itself a political organization, membership in it has
>unintended political consequences that outweigh any technical benefits
>we may receive.

	So, this piqued my interest.  What technical benefits did NA
receive from participating in KRAP?  Did they get any?  The press
release says "may receive."  All Newspeak aside, does this mean that
there is a secret document promising the KRAP group something?   (This
is what remailers and brown paper envelopes were invented for.  I'm
sure John Young would be happy to scan in some KRAP promises.)

	If there is no secret document that comes out, we have to ask
ourselves, why the alliance?  Did these companies really see a market
demand?  Did the government make promises about size of contracts it
would offer to companies that shipped them KRAP?  (Perhaps this
relates to farming subsidies...)  If so, those companies would be well
advised to talk to AT&T, whose promised contracts for shipping the
TSD-1300 with Clipper in place of DES never materialized.

	Is there a plan for interoperable KRAP?  Is this going to
relate to interoperable SET, where competing impulses, competing
comittees, and no clear threat model or design goal lead to a spec
that isn't, and a need to go back to the drawing board?  the simple
fact is that cryptographic security is hard enough to achieve without
trying to add in layers of KRAP.

	So why bother?  Network Associates decided it wasn't worth it.

	This then, becomes an open call to the charter members of the
KRAP: Apple, Atalla, Digital, Bull, HP, IBM, NCR, RSA, Sun, TIS, and
UPS to explain what they're doing in KRAP, what they hope to achieve,
and to follow Network Associates proud example, and get the hell out.

	I'll advise shareholders in any KRAP companyto ask that same
question: Is there a reasonable ROI on the KRA, and why are you
involved?  The hall of shame is on the web:
http://www.kra.org/roster.html



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume

Prev by Date: Why NOT have an Offshore Trust ??
Next by Date: Re: Cato forum tomorrow: should money laundering be a crime?
Prev by thread: Why NOT have an Offshore Trust ??
Next by thread: Our guest Area is the Best...
Index(es):
- Date
- Thread