[Cryptography] What do we know? (Was 'We cannot trust' ...)

[James A. Donald]

 >>> Large customers, government or otherwise, that know what they are
 >>> doing realize that if a custom extension/addition is incorporated
 >>> in a product *just for them*, then they will be paying forever for
 >>> it to be maintained and included with every future upgrade of the
 >>> product.

  On Dec 28, 2013, at 3:51 AM, James A. Donald wrote:
 >> Famously, government does not care.  It is just taxpayer money.

On 2013-12-28 22:33, Jerry Leichter wrote:
 > It really depends.

No it really does not depend.  You would have to be crazy to pass up an 
excuse to customize a product so that it is government only, thus 
allowing you can justify a completely insane price enormously higher 
than that you charge other customers.  No one ever passes up such 
opportunities.

If you have a customer who is spending other people's money for the 
benefit of other people, you can charge him considerably more.  If the 
people he supposed serves are far away, you can charge him way, way, way 
more, in approximate proportion to the organizational and geographic 
distance between agent and principal.

 > But there's also an immense amount of "ordinary" stuff the
 > government buys under COTS regulations.  There are huge numbers of
 > perfectly ordinary PC's and laptops spread throughout government
 > offices that were bought from the same distributors any large
 > business might go to, at the same prices any large business might
 > pay.

Which is exactly why you want an excuse for product differentiation, to 
get around those nasty regulations that require you to charge government 
the same price as you charge customers that care about price.

Thus, from the fact that RSA responded to payment by putting the 
algorithm in the product for everyone, we may conclude that the 
government paid them to put the algorithm in the product for other 
people not the government.