1995-09-20 - Re: “Hackers”– brief review and anecdote…

Header Data

From: Rich Salz <rsalz@osf.org>
To: owner-cypherpunks@toad.com
Message Hash: 45c6f6e5ad540b5b4b2826e157edabc5912bcf48574d29b3dc620bdd5de54eb4
Message ID: <9509200237.AA17967@sulphur.osf.org>
Reply To: N/A
UTC Datetime: 1995-09-20 02:38:11 UTC
Raw Date: Tue, 19 Sep 95 19:38:11 PDT

Raw message

From: Rich Salz <rsalz@osf.org>
Date: Tue, 19 Sep 95 19:38:11 PDT
To: owner-cypherpunks@toad.com
Subject: Re: "Hackers"-- brief review and anecdote...
Message-ID: <9509200237.AA17967@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>> If it wasn't for ITAR the Net would already have secure encryption and
>> authentication, and most such hacker attacks would be impossible (or at 
>> least impractical).

>The non-responsive answer is stricken from the record.  :-)
>You mean "secure" as Netscape was secure from sameer et al.?

I don't think it's non-response, I just think you don't understand
yhour expert witness.

If not for the ITAR then I could distribute my secure applications
as a binary library with the security part as source.  When you
got Netscape you'd read the security code or ask local experts to
do so.  You'd verify that the code was correct (or at least not
stupid).  You'd then compile the security code and link it against the
main object module and away you'd go.  If you didn't have a C compiler,
you'd get a binary from someone you trusted.

Of course, all this would be going on in parallel at thousands of sites
around the world.  Everyone looking at the code, finding holes, reporting
them, fixing security bugs, and so on.

But ITAR won't let you do that.

Or netscape would just make calls to the common open multiple-crypto
API that existed in a shared library in your machine.

But apparently the ITAR won't even let you do this.
	/r$





Thread