1997-12-09 - Why put up with KRAP?

Header Data

From: Adam Shostack <adam@homeport.org>
To: cypherpunks@cyberpass.net (Cypherpunks Mailing List)
Message Hash: 69c7708a362f4b3743cd23947837a9f4242516da31d2480733006c5099b304c2
Message ID: <199712090815.DAA10607@homeport.org>
Reply To: N/A
UTC Datetime: 1997-12-09 08:32:13 UTC
Raw Date: Tue, 9 Dec 1997 16:32:13 +0800

Raw message

From: Adam Shostack <adam@homeport.org>
Date: Tue, 9 Dec 1997 16:32:13 +0800
To: cypherpunks@cyberpass.net (Cypherpunks Mailing List)
Subject: Why put up with KRAP?
Message-ID: <199712090815.DAA10607@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain




Why put up with KRAP?

>[Network Associates] believes that although the Key Recovery Alliance
>is not in itself a political organization, membership in it has
>unintended political consequences that outweigh any technical benefits
>we may receive.

	So, this piqued my interest.  What technical benefits did NA
receive from participating in KRAP?  Did they get any?  The press
release says "may receive."  All Newspeak aside, does this mean that
there is a secret document promising the KRAP group something?   (This
is what remailers and brown paper envelopes were invented for.  I'm
sure John Young would be happy to scan in some KRAP promises.)

	If there is no secret document that comes out, we have to ask
ourselves, why the alliance?  Did these companies really see a market
demand?  Did the government make promises about size of contracts it
would offer to companies that shipped them KRAP?  (Perhaps this
relates to farming subsidies...)  If so, those companies would be well
advised to talk to AT&T, whose promised contracts for shipping the
TSD-1300 with Clipper in place of DES never materialized.

	Is there a plan for interoperable KRAP?  Is this going to
relate to interoperable SET, where competing impulses, competing
comittees, and no clear threat model or design goal lead to a spec
that isn't, and a need to go back to the drawing board?  the simple
fact is that cryptographic security is hard enough to achieve without
trying to add in layers of KRAP.

	So why bother?  Network Associates decided it wasn't worth it.

	This then, becomes an open call to the charter members of the
KRAP: Apple, Atalla, Digital, Bull, HP, IBM, NCR, RSA, Sun, TIS, and
UPS to explain what they're doing in KRAP, what they hope to achieve,
and to follow Network Associates proud example, and get the hell out.

	I'll advise shareholders in any KRAP companyto ask that same
question: Is there a reasonable ROI on the KRA, and why are you
involved?  The hall of shame is on the web:
http://www.kra.org/roster.html



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







Thread