[149073] in cryptography@c2.net mail archive


Re: [Cryptography] Boing Boing pushing an RSA Conference boycott

daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Wed Jan 15 23:55:54 2014

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAM4zynhOqj1tvkidExWnwuuz1195d9jtFSQZaPcfp6=_x89Y9w@mail.gmail.com>
Date: Wed, 15 Jan 2014 17:41:51 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Jonathan Hunt <j@me.net.nz>
Cc: "Salz, Rich" <rsalz@akamai.com>,
	"cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Wed, Jan 15, 2014 at 5:04 PM, Jonathan Hunt <j@me.net.nz> wrote:

> > Rather than compiling lists of people who should be drummed out of the
> > industry for bad decisions their companies made in the past, how about
> > compiling a list of proposals for things that you think people should get
> > drummed out for in the future?
>
> I really don't understand how much worse RSA's situation could get
> before you'd agree with "drumming them out."


Tweet from Art Coviello saying "Time for some NSA backdoors in Fort Lee"



> They secretly took money
> from the NSA.


No they didn't. I knew about the deal at the time and I was a competitor.
RSA made no secret about getting the NSA gig. The only thing they didn't
publish was the amount and my sales guys knew that. It is probably in the
federal register.



> They, inexplicably, left a known-likely-backdoored RNG
> as the default in their cryptography library for 5 years (while
> marketing it as being vetted by experts). Their recent response was
> laughable (essentially saying they used NIST standards and abdicating
> their own judgement). Is there anything a security company can do that
> would make you lose your good faith in them?
>

No, I don't have much faith in them anyway so nothing to lose there.



> (it is also important to say that I'm not saying anything about
> individual employees/owners etc. of RSA, most of whom were probably
> uninvolved).
>

The people who made the decisions are likely long gone.

Corporations are not people.


-- 
Website: http://hallambaker.com/
