EU Privacy Authorities Seek Changes in Microsoft 'Passport'

[Anton Stiglic]

----- Original Message -----
From: "bear" <bear at sonic.net>

[Talking about Microsoft Passport...]
> But it's even worse than that, because people who
> ought to know better (and people who *DO* know better, their own
> ethics and customers' best interests be damned) are even *DEVELOPING*
> for this system.  It just doesn't make any damn sense.

It does make some sense.  The more people who are developing the system
who know better, the more they may influence higher management.
I'm sure that you know that in a big company like Microsoft, it's not the
developer,
architect or cryptographer that decides what is shipped out, but managers
who
don't care about security but more about $.

The more security-conscious people who start working for Microsoft, the
better,
they will have more power to influence the decisions of higher management.
Microsoft has the most widely used software products, it's a good place for
someone to try to influence good security practices.

If you are a security person or cryptographer, you can either decide to work
for
some small company which has good security practices and your opinions be
highly
considered, but their products not widely spread, or for a big company with
widely spread products but which has bad security practices, and try to
change things
(even though your opinions are less considered).   In which case does the
security
person or cryptographer have the most impact on the world of software
security?

--Anton



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com