[149096] in cryptography@c2.net mail archive
Re: [Cryptography] Boing Boing pushing an RSA Conference boycott
daemon@ATHENA.MIT.EDU (Sean Lynch)
Sat Jan 18 00:43:21 2014
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <2A0EFB9C05D0164E98F19BB0AF3708C711E91F9ED0@USMBX1.msg.corp.akamai.com>
Date: Fri, 17 Jan 2014 11:17:19 -0800
From: Sean Lynch <seanl@literati.org>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
On Wed, Jan 15, 2014 at 12:33 PM, Salz, Rich <rsalz@akamai.com> wrote:
> > I never said they were evil, but it might be evil to reinterpret words
> > to defend the indefensible, dunno.
>
> Perhaps you haven't.  But others have.
>
> > As has been repeatedly mentioned in this list, RSA were tricked.  They
> > and the people within were not evil nor are they evil.
> > Rather, *there but for the grace of the crypto gods go we all*.
>
> Agree.  So why is a boycott a good thing?  Why punish someone for being
> tricked?  (Not specifically directed to Ian).  It seems to me the better
> object lesson is one of the strongest cryptography companies in the world
> (at the time) was tricked into possibly making many of their customers
> vulnerable.  How can we move forward from this?
>
So, if I hire a security guard, and an unauthorized individual "tricks"
them into letting them past and then steals all that stuff, should I let
that guard keep their job? The job of the security guard is NOT to be
tricked, and the job of RSA was to keep their users safe. They fell down on
the job, and many of us don't feel that the harm to their reputation will
be sufficient when it's primarily execs who know nothing about security
making purchasing decisions. Security companies need to be AFRAID of making
the same mistake. They should quake in their boots at the mere thought of
being perceived as cooperating with the government.

Personally, I'd like to see RSA obliterated and its shares worth zero and
all of its executives left destitute. Boycotting the conference is a tiny
token act compared to what should really happen when a security company
doesn't just fail in its core mission but does exactly the opposite to its
customers of what it promised.