[148629] in cryptography@c2.net mail archive
Re: [Cryptography] Fwd: [IP] RSA Response to Media Claims Regarding
daemon@ATHENA.MIT.EDU (Bill Cox)
Mon Dec 23 10:39:10 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <52B83D3C.8060901@borg.org>
Date: Mon, 23 Dec 2013 09:14:50 -0500
From: Bill Cox <waywardgeek@gmail.com>
To: Cryptography List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============8383537467007747742==
Content-Type: multipart/alternative; boundary=001a113306f23a52ec04ee344039
--001a113306f23a52ec04ee344039
Content-Type: text/plain; charset=ISO-8859-1
It's good news that there was a press release about the $10M. So, RSA had
no secret contract. However, here's a morning headline that bothers me:
http://www.zdnet.com/rsa-denies-taking-10m-from-nsa-to-default-backdoored-algorithm-7000024591/
So now this press release is being morphed by some press as a denial that
the $10M deal ever happened. ZDNet is not exactly a no-name news source
for techies. It kills me how badly even tech savvy news sources butcher
the details. You get a nice clean story like what we can infer from the
above statements: RSA did take $10M, they did put flawed RNG into BSAFE,
but there was no secrecy or intent to back-door anything. Instead of
running that, we're hearing conflicting headlines of conspiracy and denial.
Surely this will damage RSA, and perhaps RSA does not deserve it, though I
think taking $10M to include code promoted by the NSA was somewhere between
risky and stupid. However, like most of the other Snowden revelations,
this will cause consumers to be more informed, and security companies like
RSA will have to do an even better job proving their trustworthiness. In
the end, I think this is good.
--001a113306f23a52ec04ee344039
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_extra">It's good news that there w=
as a press release about the $10M. =A0So, RSA had no secret contract. =A0Ho=
wever, here's a morning headline that bothers me:</div><div class=3D"gm=
ail_extra">
<br></div><div class=3D"gmail_extra"><a href=3D"http://www.zdnet.com/rsa-de=
nies-taking-10m-from-nsa-to-default-backdoored-algorithm-7000024591/">http:=
//www.zdnet.com/rsa-denies-taking-10m-from-nsa-to-default-backdoored-algori=
thm-7000024591/</a><br>
</div><div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra">So no=
w this press release is being morphed by some press as a denial that the $1=
0M deal ever happened. =A0ZDNet is not exactly a no-name news source for te=
chies. =A0It kills me how badly even tech savvy news sources butcher the de=
tails. =A0You get a nice clean story like what we can infer from the above =
statements: RSA did take $10M, they did put flawed RNG into BSAFE, but ther=
e was no secrecy or intent to back-door anything. =A0Instead of running tha=
t, we're hearing conflicting headlines of conspiracy and denial.</div>
<div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra">Surely this=
will damage RSA, and perhaps RSA does not deserve it, though I think takin=
g $10M to include code promoted by the NSA was somewhere between risky and =
stupid. =A0However, like most of the other Snowden revelations, this will c=
ause consumers to be more informed, and security companies like RSA will ha=
ve to do an even better job proving their trustworthiness. =A0In the end, I=
think this is good.</div>
</div>
--001a113306f23a52ec04ee344039--
--===============8383537467007747742==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============8383537467007747742==--
