From: Adam Shostack <adam@bwh.harvard.edu>
To: ddt@lsd.com (Dave Del Torto)
Message Hash: ace8b9886f3c920946658dfceadcc9cc06ce425a3063cb5f391e9a69fadb5d77
Message ID: <199412091814.NAA07757@hermes.bwh.harvard.edu>
Reply To: <ab0dce79060210039c1b@[192.187.167.52]>
UTC Datetime: 1994-12-09 18:12:55 UTC
Raw Date: Fri, 9 Dec 94 10:12:55 PST
From: Adam Shostack <adam@bwh.harvard.edu>
Date: Fri, 9 Dec 94 10:12:55 PST
To: ddt@lsd.com (Dave Del Torto)
Subject: Re: BofA+Netscape
In-Reply-To: <ab0dce79060210039c1b@[192.187.167.52]>
Message-ID: <199412091814.NAA07757@hermes.bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain
| Lads,
|
| I thought many of you would be interested in the text of this story. I'm
| wondering if anyone has any comments on the excryption mechanism (i.e.
| "eavesdropping" protection) being used.
It my personal feeling that Netscape doesn't have the right
talent mix to develop secure software. For example, they may well get
the RSA parts right, and then store the passphrase in a text file,
'for ease of use.' The RSA is secure, but the system is not secure if
usnauthorized people using your machine is a possibility.
Writing secure software is a difficult and tricky buisness
that requires a lot of effort; early versions of Mosaic had problems.
Netscape really needs to develop a threat model that allows
them to assess the severity of potential problems. It is my guess
that they have not done so, although, I'd be pleased to hear I'm
wrong.
Everyone's favorite company, First Virtual, seems to have
developed a threat model that allows them to offload allmost all risk
and security problems to their customers. It may not be a good
solution, but at least they have considered how the security of their
system intersects the real world. Just integrating RSA does not do
that.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
Return to December 1994
Return to “tcmay@netcom.com (Timothy C. May)”