[148660] in cryptography@c2.net mail archive
Re: [Cryptography] Fwd: [IP] RSA Response to Media Claims Regarding
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Tue Dec 24 13:08:35 2013
Date: Mon, 23 Dec 2013 21:29:39 -0500
From: Theodore Ts'o <tytso@mit.edu>
To: Kent Borg <kentborg@borg.org>
In-Reply-To: <52B83D3C.8060901@borg.org>
Cc: Cryptography List <cryptography@metzdowd.com>,
Bill Cox <waywardgeek@gmail.com>
On Mon, Dec 23, 2013 at 08:40:12AM -0500, Kent Borg wrote:
> - We were too stupid to have an opinion about Dual EC DRBG, we
> didn't know it had any problems. Just because we have legendary
> initials as our name doesn't change that we are just ignorant
> businessmen, honest, we don't know any better.
Actually, I believe this. Never attribute to malice what can be
adequately explained by incompetence.

That might not change my opinion, though, if someone asked me for
advice about whether to buy products from RSA --- would *you* want to
buy products from a company that (a) allowed their SecurID
tokens to get compromised[1], and (b) allowed themselves to be suckered
by the NSA?

[1] http://arstechnica.com/security/2011/06/rsa-finally-comes-clean-securid-is-compromised/

As for the rest, the lesson we should take from this is, moving
forward, if any company in the future hears the words, "I'm from the
NSA and I'm here to help", they should run away, as fast as their legs
can carry them.
- Ted