
On Mon, 6 Nov 2000, Jim Choate wrote:
> On Mon, 6 Nov 2000, Tom Vogt wrote:
>> no. the argument is: if you make probing illegal, we'll see even more (and *much* more) "security through obscurity" - because figuring out that this crap is insecure will land you in jail.
>
> Going to jail won't stop anyone from figuring it out if that's what they want. I would be so bold as to suggest that if they make it illegal then you'll see a significant rise in the behaviour, along with increased use of anonymous remailers and Open Source software that can be kludged.

I have been thinking about the DMCA recently, in respect to the limited ability granted to researchers for analysis of security protocols. I doubt we'll see a significant rise in the reverse engineering of security protocols. We *will* see a rise in the use of anonymous remailers to reveal vulnerabilities, but overall, I think that such research will decrease.

Would GSM have been broken if the researchers couldn't have taken credit for it? Inside the NSA it would have been, surely. But where is the incentive for private researchers to attack these protocols if they can't take public credit for their work?

The allowances that the DMCA makes for academic research are not sufficient to continue to provide motivation for such research. Which is exactly what the manufacturers want: security through obscurity, and obscurity through legality.

Alex