From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 2 Dec 1995 09:11:11 +0800
To: JonathanZ@consensus.com (Jonathan Zamick)
Subject: Re: Netscape gives in to key escrow
In-Reply-To: <v02120d00ace510ca1c12@[157.22.240.13]>
Message-ID: <199512012319.SAA20311@homeport.org>
MIME-Version: 1.0
Content-Type: text


Jonathan Zamick wrote:
| > Brian Davis wrote:
| >I they tell you about it and you buy it anyway -- tough luck.
| >
| >
| >Same with the cars.  Would *you* buy Pinto with explosives in it????
| >(leaving aside the "inherently dangerous" argument for the moment on the
| >products liability claim).
| >
| >EBD
| 
| Hmm. The key point is that almost no general users will have a clue what
| actual security is, and what GAK is. They _might_ understand the risks of
| having an explosive in their vehicle (but can just as easily argue it wasn't
| properly designed if it went off improperly.) Regardless of what they'd know
| about their vehicle, they can easily claim to had the risks associated with
| GAK improperly represented, Netscape misleading them with deceptive claims
| of security given this potential hole etc.

	I'd just like to add one bit to what Jonathan said here.  That
is the AT&T Clipper phones don't come with 'Big Brother Inside'
stickers on them.  The phrase 'key escrow' is not used in the manual
(near as I remember.)  The disclaimer is in very small print.

	Its not a reasonable expectation that a product being touted
as 'secure' is known to its makers to be insecure.  Expecting John Q.
Public to know that without warning labels seems like a strech.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume