1994-12-09 - Re: BofA+Netscape

Header Data

From: tcmay@netcom.com (Timothy C. May)
To: adam@bwh.harvard.edu (Adam Shostack)
Message Hash: 8d05a9bac15901ec490da000844402f571040d7c4b8f21256bb99ca5e90338fe
Message ID: <199412091849.KAA01760@netcom15.netcom.com>
Reply To: <199412091814.NAA07757@hermes.bwh.harvard.edu>
UTC Datetime: 1994-12-09 18:49:48 UTC
Raw Date: Fri, 9 Dec 94 10:49:48 PST

Raw message

From: tcmay@netcom.com (Timothy C. May)
Date: Fri, 9 Dec 94 10:49:48 PST
To: adam@bwh.harvard.edu (Adam Shostack)
Subject: Re: BofA+Netscape
In-Reply-To: <199412091814.NAA07757@hermes.bwh.harvard.edu>
Message-ID: <199412091849.KAA01760@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:

> 	It my personal feeling that Netscape doesn't have the right
> talent mix to develop secure software.  For example, they may well get
> the RSA parts right, and then store the passphrase in a text file,
> 'for ease of use.'  The RSA is secure, but the system is not secure if
> usnauthorized people using your machine is a possibility.
> 
> 	Writing secure software is a difficult and tricky buisness
> that requires a lot of effort; early versions of Mosaic had problems.

Netscape is seeking people to write this stuff, as we heard at the
last Cypherpunks meeting. So, this is the chance for Cyppherpunks to
see it done right.

I will speculate that Netscape, being a _very_ high-visibility
company, is in contact with the folks at RSA Data Security about this,
perhaps even using them to do the integration. (Recall that Bidzos is
involved in a couple of efforts along these lines.)

This doesn't mean they'll do it right, natch, but it gives us hope
that the crypto protocols will at least be well-handled.

(Ultra-speculative scenario: If I were the NSA/FBI/COMINT
establishment, anxious to ensure "escrowed access," Netscape is
something I'd be looking at. Ultra-speculatively, we should be on the
lookout for any evidence that Netscape will be deploying any kind of
"software key escrow" scheme, e.g., any links to the TIS proposals, to
Denning, etc. "GAKscape"?)

--Tim May



-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo@toad.com with body message of only: 
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay






Thread