[149018] in cryptography@c2.net mail archive


Re: [Cryptography] Boing Boing pushing an RSA Conference boycott

daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Mon Jan 13 21:19:24 2014

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <52D439C3.8010206@borg.org>
Date: Mon, 13 Jan 2014 14:35:06 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Kent Borg <kentborg@borg.org>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Mon, Jan 13, 2014 at 2:08 PM, Kent Borg <kentborg@borg.org> wrote:

> On 01/13/2014 10:23 AM, Phillip Hallam-Baker wrote:
>
>> Unless someone shows evidence that RSA actually knew they were being
>> punked, the boycott makes no sense. And I can't believe that evidence
>> exists because there was absolutely no need to tell RSA they were being
>> punked to get the outcome they wanted.
>>
>
> Two points.
>
>
> First, RSA knew--or certainly should have known--that they were in the
> business of selling security, yet they failed in that.  Worse, they failed
> spectacularly and sold something not just broken, but something with a
> backdoor specifically designed to defeat security. As you well know, this
> is serious business.
>
> I don't think the suits knew what they were doing, I think they were just
> chasing money, they didn't ask too many questions that might get in the way
> of that money.  Businessmen do that.  We all know (suits, too), security
> doesn't sell, buzzwords sell.  They sold the buzzwords without the
> security.  Nearly everyone does it to some degree.  They did it worse, they
> were in a position of trust.
>

Absolutely right. But how should we respond?


> If we can't make selling security pay, we can maybe make selling
> insecurity cost.  There are a lot of other suits watching this, seeing how
> RSA fares.  I want them to see something gruesome, something that worries
> them.  (The same way I want a banker or two who nearly dumped us into
> recession to go to jail, so others will think twice.)
>

There should be a penalty, no question. But what should the penalty be?

We should not choose a penalty that causes collateral damage on our side. A
much more effective response would be to gut the RSA token business. That
hurts EMC's bottom line directly. Changing the speaker lineup at the show
does not.

If the RSA token business is gutted there will be no reason for EMC to keep
RSA Labs or the name.


Let's pick our battles here.


-- 
Website: http://hallambaker.com/

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography