From: jim@bilbo.suite.com (Jim Miller)
Date: Thu, 21 Dec 95 22:49:28 PST
To: prm-ml@rome.isl.sri.com
Subject: Re: Attacking Clipper with timing info?
Message-ID: <9512220648.AA17385@bilbo.suite.com>
MIME-Version: 1.0
Content-Type: text/plain


> I suppose the correct answer is, "It depends."
> 

> It depends on your definition of "should" in the above
> paragraph.  If "should" means "in keeping with the NSA's
> mission statement", then I believe the NSA should remain
> quite and exploit the vulnerability as a national
> technical asset.  If "should" means "in support of US
> commerce", then the answer would be that they should
> announce/fix the vulnerability.
> 

> I'm not sure from your tone which one you believe to be the
> correct definition.  :-) 

> 


I don't know myself.  That's why I still occasionally think about it.  It  
is sometimes comforting to think there is a US agency with the expertise  
of the NSA.  At other times I wonder if we're getting the most for our tax  
money.  Unfortunately, it would be impossible to generate a meaningful  
cost/benefit analysis even if the NSA was not a secret agency.

Of course, if we did not pax taxes there would be no need to wonder if  
we're getting our money's worth.  A self-funded,for-profit NSA?  Now  
there's a liberatarian idea if I ever heard one.

Jim_Miller@suite.com