[Cryptography] Fwd: [IP] RSA Response to Media Claims Regarding NSA Relationship

[Tom Mitchell]

On Mon, Dec 23, 2013 at 5:30 AM, Phillip Hallam-Baker <hallam at gmail.com> wrote:
> On Mon, Dec 23, 2013 at 12:08 AM, Bill Cox <waywardgeek at gmail.com> wrote:
>>
>> Does this mean RSA denies accepting $10M for making the NSA RNG the
>> default in BSAFE?
.....
> I remember RSA getting money from the NSA to put ECC into BSafe.
>
> It may not have been very public, but it was known in the industry.

I was not in the security community at this time but I also recall
this as well!

I think it is important that US ITAR legislation had astounding and strict rules
about cryptography as a munition.    A system with the power of a Raspberry-Pi
was under export restrictions.  Recall early M68000 boxes were limited.   Later
any system that had two network NICs was restricted because of adaptive routing
capabilities.  One IPsec project at a largish TLA company was hobbled
back to one
engineer because the market was too small for the legal work required to
deliver it.

I am of the opinion that RSA was operating honestly and shipped the
best products that the law would allow them to have a market for.

That was then!

Today the rules and players are different.  If we care we
have to turn on a bright light and start over knowing that decisions
were made for reasons then classified and now forgotten by all
but a short list of gray haired men and women.  And yes I learned
to program FORTRAN on a brand new CDC6400.

i.e. Look at all the moving bits as if they were new and untested.





-- 
  T o m    M i t c h e l l