[149043] in cryptography@c2.net mail archive


Re: [Cryptography] Boing Boing pushing an RSA Conference boycott

daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Tue Jan 14 14:04:03 2014

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <1389724560.22018.9.camel@excessive.dsl.static.sonic.net>
Date: Tue, 14 Jan 2014 14:01:36 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Bear <bear@sonic.net>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>,
	Kent Borg <kentborg@borg.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Tue, Jan 14, 2014 at 1:36 PM, Bear <bear@sonic.net> wrote:

> On Mon, 2014-01-13 at 14:16 -0500, Kent Borg wrote:
> > On 01/13/2014 10:23 AM, Phillip Hallam-Baker wrote:
> > > Unless someone shows evidence that RSA actually knew they were being
> > > punked, the boycott makes no sense.
>
> > If we can't make selling security pay, we can maybe make selling
> > insecurity cost.  There are a lot of other suits watching this, seeing
> > how RSA fares.  I want them to see something gruesome, something that
> > worries them.  (The same way I want a banker or two who nearly dumped us
> > into DEPRESSION to go to jail, so others will think twice.)
>
> I tend to agree.  If RSA doesn't go down in flames over its utter
> failure, then people will learn from that fact that security is a
> joke industry.  That's a problem we already have badly enough with
> the failure after failure after failure revealed by the Snowden
> files.
>
> I don't think that there is any real hope of building a secure
> infrastructure for the world if the world learns by this example
> that an industry leading security company can completely fail in
> its primary mission without consequence.
>
> That would be a vote of no confidence in the entire security
> industry, like an acknowledgement that there can never be security
> and there's no point in even trying.
>

I am really reluctant to set that type of precedent. I think that we are
not finished with the disclosures yet. If we take everyone out to the
woodshed and hack their heads off each time we find out about the next NSA
hack, well we might find that none of us are left to do the work that needs
to be done.



> That said, I don't think a conference boycott is specific enough.
> A conference boycott hurts everyone at the conference.  And most
> of them have not been complicit (or merely incompetent, which is
> nearly as bad) in betrayal of the public.
>

That is my problem. Hurt RSA if you like, fine. But boycotting the show is
like boycotting the village fete because the Lord of the Manor let a cow
get loose and trample everyone's begonias.


-- 
Website: http://hallambaker.com/
