Re: "Hackers"-- brief review and anecdote...
If it wasn't for ITAR the Net would already have secure encryption and authentication, and most such hacker attacks would be impossible (or at least impractical).
The non-responsive answer is stricken from the record. :-) You mean "secure" as Netscape was secure from sameer et al.?
I don't think it's non-response, I just think you don't understand yhour expert witness. If not for the ITAR then I could distribute my secure applications as a binary library with the security part as source. When you got Netscape you'd read the security code or ask local experts to do so. You'd verify that the code was correct (or at least not stupid). You'd then compile the security code and link it against the main object module and away you'd go. If you didn't have a C compiler, you'd get a binary from someone you trusted. Of course, all this would be going on in parallel at thousands of sites around the world. Everyone looking at the code, finding holes, reporting them, fixing security bugs, and so on. But ITAR won't let you do that. Or netscape would just make calls to the common open multiple-crypto API that existed in a shared library in your machine. But apparently the ITAR won't even let you do this. /r$
On Tue, 19 Sep 1995, Rich Salz wrote:
If it wasn't for ITAR the Net would already have secure encryption and authentication, and most such hacker attacks would be impossible (or at least impractical).
The non-responsive answer is stricken from the record. :-) You mean "secure" as Netscape was secure from sameer et al.?
I don't think it's non-response, I just think you don't understand yhour expert witness.
Difficult to judge a non-responsive answer to a question, when you delete the question asked ... The question was, essentially, what do you think should happen to a teenage hacker ... The "answer" was ... if you did x hacking wouldn't happen. I guess that means that the domestic version of Netscape can't be broken as sameer did. Oh wait a minute. Yes it can. Sloppy work is sloppy work. And it had nothing to do with imposed limits on key length. Q. What should you do to a person who robs an liquor store and shoots the storekeeper? A. If you had gun control, he couldn't have shot him! Replies in this vein remind me of nothing more than the people who, in response to reports of a tragedy in which children die of starvation, sickness, or whatever, write letters to the editor which say "thousands of children die every year because abortion is legal ..." And given that the "unexportable" version of Netscape has the same gaping hole as the exportable version, your "it's all ITAR's fault" answer is, indeed, not responsive. I even included a smiley for the humor-impaired, but that apparently was insufficient. EBD
participants (2)
-
Brian Davis -
Rich Salz