From: Michael Motyka <mmotyka@lsil.com>
To: Jean-Francois Avon <jf_avon@citenet.net>
Message Hash: e995bdd4ac1e44b2dd100cba36115026b8c0d2fb3f02c9698ef714a19f220962
Message ID: <35EC2A76.2B83@lsil.com>
Reply To: <199809010246.WAA26608@cti06.citenet.net>
UTC Datetime: 1998-09-01 17:08:04 UTC
Raw Date: Tue, 1 Sep 1998 10:08:04 -0700 (PDT)
From: Michael Motyka <mmotyka@lsil.com>
Date: Tue, 1 Sep 1998 10:08:04 -0700 (PDT)
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: Re: BEWARE of SnakeOil (tm)
In-Reply-To: <199809010246.WAA26608@cti06.citenet.net>
Message-ID: <35EC2A76.2B83@lsil.com>
MIME-Version: 1.0
Content-Type: text/plain
Jean-Francois Avon wrote:
>
> SNAKEOIL ALERT:
> Cc: Cypherpunks@toad.com
>
> - beware of any product that has not been *extensively* peer-reviewed, with *all* the
> source code made public. Security breaches are *very* easy to overlook and no software
> should *ever* be used unless it was peer-reviewed.
>
I'm a bit surprised that I don't see quite as much concern expressed
about hardware. If security is the goal isn't HW part of the chain?
Yeah, yeah, I know, there was a blip a while ago about Intel chips,
Microsoft kernels and keyboard snooping but it had a depressingly short
half-life. Seems to me it would be pretty easy to create rfi on a chip
and get products through FCC approval with NSA blessing. Hell, you could
probably put a good amount of FLASH on a chip and give the OS a nice
safe place to store snooped stuff. The security gaps that could be
created in an operating system are as numerous as scoundrels in
Parliament.
> They try pursue anybody who violates ITAR in a public way. If I were to walk with a
> PGP diskette across the border outside Cana-USA, I would be liable under ITAR even if I
> never wrote a line of software in my life.
>
Literally true but we all know the analogy of borders and speedbumps...
> All the govts have vested interest in disseminating pseudo-strong cryptography. This
> statement is not paranoia, it is recent and regularly recurring history.
>
Doesn't this seem to point to the need for products with a CP seal of
approval? HW/SW/Tools?
Mike
I think that in the secure communications world I would rather be a wolf
amongst sheep in wolfskins than a wolf in sheep's clothing. It would
reduce the chances of my hide being nailed to the barn door. What I'm
trying to say in a less than literate way is that the issue will only be
closed when there are $99 consumer products that implement secure
systems.
Return to September 1998
Return to “Michael Motyka <mmotyka@lsil.com>”