Adam Shostack wrote:
It's my personal feeling that Netscape doesn't have the right talent mix to develop secure software. For example, they may well get the RSA parts right, and then store the passphrase in a text file, 'for ease of use.' The RSA is secure, but the system is not secure if unauthorized people using your machine is a possibility.
Writing secure software is a difficult and tricky business that requires a lot of effort; early versions of Mosaic had problems.
Netscape is seeking people to write this stuff, as we heard at the last Cypherpunks meeting. So, this is the chance for Cypherpunks to see it done right.

I will speculate that Netscape, being a _very_ high-visibility company, is in contact with the folks at RSA Data Security about this, perhaps even using them to do the integration. (Recall that Bidzos is involved in a couple of efforts along these lines.) This doesn't mean they'll do it right, natch, but it gives us hope that the crypto protocols will at least be well-handled.

(Ultra-speculative scenario: If I were the NSA/FBI/COMINT establishment, anxious to ensure "escrowed access," Netscape is something I'd be looking at. Ultra-speculatively, we should be on the lookout for any evidence that Netscape will be deploying any kind of "software key escrow" scheme, e.g., any links to the TIS proposals, to Denning, etc. "GAKscape"?)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo@toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay