[873] in cryptography@c2.net mail archive
Sun Microsystems to try to go around EAR
daemon@ATHENA.MIT.EDU (Michael C Taylor)
Wed May 21 14:11:57 1997
Date: Wed, 21 May 1997 09:33:33 -0300 (ADT)
From: Michael C Taylor <mctaylor@mta.ca>
To: cryptography@c2.net
cc: risks@csl.sri.com
>From http://www.msnbc.com/news/75617.asp by the Associated Press.
In summary (by mctaylor):
Sun has partnered with Elvis+ Co., a Russian company, to by-pass export
controls in order to "test the waters."
The products which were developed by Elvis+ use SKIP, a Sun
security protocol, but Sun did not provide technical assistances to
Elvis+. The interesting part is that Sun will sell Elvis+'s Secure Virtual
Private Network for MS-Windows 3.11, 95 and NT under the name SunScreen
SKIP E+ in August.
The risks here include can Sun trust a Russian company which Sun provided
no technical assistance to, therefore I assume no quality control testing.
It is one thing to bundle a paint program written by another company, but
to resell a security product with your name on it without doing your own
quality testing and cryptanalysis is very risky IMHO. Could Sun
Microsystems find a backdoor that was included at the _request_ of a
foreign government? I won't even start with the risks of legal action..
--
Michael C. Taylor <mctaylor@mta.ca> <http://www.mta.ca/~mctaylor/>
Software Engineer, Mount Allison University, Canada
