[Cryptography] Boing Boing pushing an RSA Conference boycott

Phillip Hallam-Baker hallam at gmail.com
Mon Jan 13 14:35:06 EST 2014


On Mon, Jan 13, 2014 at 2:08 PM, Kent Borg <kentborg at borg.org> wrote:

> On 01/13/2014 10:23 AM, Phillip Hallam-Baker wrote:
>
>> Unless someone shows evidence that RSA actually knew they were being
>> punked, the boycott makes no sense. And I can't believe that evidence
>> exists because there was absolutely no need to tell RSA they were being
>> punked to get the outcome they wanted.
>>
>
> Two points.
>
>
> First, RSA knew--or certainly should have known--that they were in the
> business of selling security, yet they failed in that.  Worse, they failed
> spectacularly and sold something not just broken, but something with a
> backdoor specifically designed to defeat security. As you well know, this
> is serious business.
>
> I don't think the suits knew what they were doing, I think they were just
> chasing money, they didn't ask too many questions that might get in the way
> of that money.  Businessmen do that.  We all know (suits, too), security
> doesn't sell, buzzwords sell.  They sold the buzzwords without the
> security.  Nearly everyone does it to some degree.  They did it worse, they
> were in a position of trust.
>

Absolutely right. But how should we respond?


> If we can't make selling security pay, we can maybe make selling
> insecurity cost.  There are a lot of other suits watching this, seeing how
> RSA fares.  I want them to see something gruesome, something that worries
> them.  (The same way I want a banker or two who nearly dumped us into
> recession to go to jail, so others will think twice.)
>

There should be a penalty, no question. But what should the penalty be?

We should not choose a penalty that causes collateral damage on our side. A
much more effective response would be to gut the RSA token business. That
hurts EMC's bottom line directly. Changing the speaker lineup at the show
does not.

If the RSA token business is gutted there will be no reason for EMC to keep
RSA Labs or the name.


Let's pick our battles here.


-- 
Website: http://hallambaker.com/