1994-12-11 - Re: BofA+Netscape

Header Data

From: Adam Shostack <adam@bwh.harvard.edu>
To: marca@mcom.com (Marc Andreessen)
Message Hash: 5fc2b526340dc903180ae9027fe961ec57acd9d8ec504525282107e1964990a2
Message ID: <199412112302.SAA22764@bwh.harvard.edu>
Reply To: <199412112227.WAA23971@neon.mcom.com>
UTC Datetime: 1994-12-11 23:02:40 UTC
Raw Date: Sun, 11 Dec 94 15:02:40 PST

Raw message

From: Adam Shostack <adam@bwh.harvard.edu>
Date: Sun, 11 Dec 94 15:02:40 PST
To: marca@mcom.com (Marc Andreessen)
Subject: Re: BofA+Netscape
In-Reply-To: <199412112227.WAA23971@neon.mcom.com>
Message-ID: <199412112302.SAA22764@bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain


Marc Andreessen wrote:

| In article <199412091814.NAA07757@hermes.bwh.harvard.edu>, adam@bwh.harvard.edu (Adam Shostack) wrote:
| 
| >         It my personal feeling that Netscape doesn't have the right
| > talent mix to develop secure software.  For example, they may well get
| > the RSA parts right, and then store the passphrase in a text file,
| > 'for ease of use.'
| 
| My goodness, that's a bit malicious and unsubstantiated, isn't it?

	Maybe, but one, you substantiate it yourself, and two, I did
say it is my personal feeling.  I'll expand on it slightly by pointing
to the fact that there have been potentially serious bugs in Mosiac.
Thats understandable, writing really secure software that does lots of
stuff based on potentially malicious input is a tough task.  The fact
that it is understandable does not make it acceptable.n

	Until you hire the experts mentioned below, I'll continue to
assume that your talent mix does not include said experts.


	In message <199412112232.WAA24075@neon.mcom.com> Marc
Andreessen  writes:

	>Absolutely.  We certainly welcome any level of comments and
	>criticism about the SSL protocol and our implementation, and
	>we're recruiting for one or two more security experts to join
	>us -- we'll be doing quite a bit of more advanced crypto over
	>the next couple years, if all goes well.  If anyone's
	>interested, please drop me a note.  

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
						       -Hume





Thread