1997-10-02 - Re: Stronghold

Header Data

From: Anonymous <nobody@REPLAY.COM>
To: cypherpunks@cyberpass.net
Message Hash: e3aafec15fbdd5e0d54064ae54fd4907d1592a3ba2a27b8df92b2105b7ac2af4
Message ID: <199710021515.RAA14546@basement.replay.com>
Reply To: N/A
UTC Datetime: 1997-10-02 15:42:21 UTC
Raw Date: Thu, 2 Oct 1997 23:42:21 +0800

Raw message

From: Anonymous <nobody@REPLAY.COM>
Date: Thu, 2 Oct 1997 23:42:21 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Stronghold
Message-ID: <199710021515.RAA14546@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain

C2Net was wrong to censor the cypherpunks list in the guise of moderation.
It was wrong to send threatening letters to people who claimed its
products were weak.  The whole moderation/censorship experiment was a
terrible mistake.  The actions taken by C2Net were completely unjustified.

At the same time, it is dishonest to say that its products have
backdoors or are weak.  There is no evidence whatsoever that this
is the case.

It may stretch the intellects of some cypherpunks beyond the breaking
point to hold these two views about matters at the same time.  In the
black and white world where some cypherpunks live, a company which
tries to prevent criticism is evil, hence it must be fraudulent as well.
More mature list readers will recognize that a company or a person can
be wrong in some actions while being right in other ways.

The burden of proof in claiming that there is a weakness in someone's
security product is on those making the claim.  Compare the unfounded
statements by Vulis with the carefully documented breaks of weak
software by Ian Goldberg, David Wagner, John Kelsey, and Bruce Schneier.
What if Goldberg and Wagner had claimed that Netscape's RNG seeding was
weak, without providing any more evidence than that claim?  What if
Schneier et al had broken cellular phone encryption without backing it
up?  They would have been justifiably ignored.

If anyone really does believe that C2Net's products have backdoors or
weaknesses, why don't they present them?  Either they want people to keep
using C2Net's supposedly broken products, which reflects badly on them,
or they want people to stop but they are unable to present any evidence
of these purported weaknesses.

When Vulis or anyone else claims Stronghold is broken, ask him why he is
presenting his claims in a form which will cause people to keep using
this "broken" software.  Does he want people to have weak encryption?
Is he in favor of backdoors?  If not, he would surely present evidence
of the weaknesses, if there is any.  Make Vulis explain his motivations
when he makes these claims.