Rishab Aiyer Ghosh wrote:
Any special reason why Netscape is working with the NSA to support their Fortezza encryption card?
ObConspiracyTheory: Hmmmmm....
Nice government-friendly Jim Clark quote, with the rest of the story http://www-e1c.gnn.com/gnn/wr/96/01/12/features/nsa/index.html
Here is another quote for you: "Netscape will fight in all forums for totally private encryption." -- Jim Barksdale Netscape CEO One particularly interesting paragraph from the GNN article is: "One senior Federal Government source has reported that NSA has been particularly successful in convincing key members of the US software industry to cooperate with it in producing software that makes Internet messages easier for NSA to intercept, and if they are encrypted, to decode," Madsen wrote. "A knowledgeable government source claims that the NSA has concluded agreements with Microsoft, Lotus and Netscape to permit the introduction of the means to prevent the anonymity of Internet electronic mail, the use of cryptographic key-escrow, as well as software industry acceptance of the NSA-developed Digital Signature Standard (DSS)." I believe that the reference to Netscape in this paragraph is a distortion of our agreement with the NSA. They agreed to buy some of our current products, which they paid for, and to buy products in the future that support Fortezza. Given the large number of organizations within the government that are standardizing on fortezza, our motivation for producing such a product should be obvious. I think in the end the non-NSA purchases of Fortezza based products within the government will be much larger than what the NSA buys. Once we have implemented Fortezza we would like to add support for many alternative crypto cards that are not GAK'd and are more apropriate for commercial or personal use. We will also continue to offer software encryption. Management here has never asked me not to implement anonymity enhancing features. They have not asked me to implement DSS. They have not asked me to implement GAK. Management has let me hold up a release to fix a bug that was causing a user's identity to be accessible from a server. We have awarded several bugs bounty prizes to people who found bugs related to privacy. I understand that in his keynote speach at the RSA Security Conference Jim Barksdale repeated our strong opposition to GAK. Perhaps someone who attended could provide more details. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.