[Cryptography] Boing Boing pushing an RSA Conference boycott
Jerry Leichter
leichter at lrw.com
Tue Jan 14 14:38:19 EST 2014
On Jan 14, 2014, at 1:36 PM, Bear <bear at sonic.net> wrote:
>> If we can't make selling security pay, we can maybe make selling
>> insecurity cost. There are a lot of other suits watching this, seeing
>> how RSA fairs. I want them to see something gruesome, something that
>> worries them. (The same way I want a banker or two who nearly dumped us
>> into DEPRESSION to go to jail, so others will think twice.)
>
> I tend to agree. If RSA doesn't go down in flames over its utter
> failure, then people will learn from that fact that security is a
> joke industry....
None of the above.
The RSA Conference has always been two things: A technical conference on crypto, and a place to sell crypto wares. At most, a boycott will kill the first. The guys buying and selling won't care much. They aren't the ones going to the technical talks.
It amazes me as I read this how little people even know about what RSA does. It hasn't been a *cryptography* supplier in many years. It's "the security division of EMC". RSA sells security consulting - internally and externally. (http://www.emc.com/services/rsa-services/about.htm) It sells fraud protetion. It sells compliance mechanisms. It's big on data leak prevention, risk management. (http://www.emc.com/security/index.htm#Points-of-View).
BSAFE? A big deal when there were still patent issues - what you were buying was protection from lawsuits (and a reasonable implementation). Today, what you're buying is FIPS and such approval so that you can sell the governments, or clients that sell to governments, and need the stamp. But it's a now so minor that it's hard to find on the web pages. (Many of these are bullshit products that consultants sell to C-level execs. But that only makes them all the less vulnerable to a pissing contest among "the little people" who do all that silly tech stuff.)
SecureID is still a nice business, but if you want to hurt RSA there, you have to provide a market alternative. There already *are* a few market alternatives, but none has hurt SecureID. RSA's issues with SecureID (there have been a couple of significant ones over the years) haven't hurt them much either.
If you want to make a point by boycotting the conference, go ahead and do so. Personally I think you're aiming your complaint in the wrong direction, but I understand the feelings involved and certainly won't try to convince you otherwise.
But don't kid yourself into thinking that a boycott of the technical sessions at the RSA Conference will do much of anything to RSA. They're already in a position of having to re-establish they position, especially outside the US - and a boycott will be a tiny little disturbance in a large amount of pre-existing noise.
-- Jerry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140114/d8273770/attachment.bin>
More information about the cryptography
mailing list