[Cryptography] Boing Boing pushing an RSA Conference boycott

Peter Fairbrother zenadsl6186 at zen.co.uk
Thu Jan 16 07:48:21 EST 2014


On 16/01/14 05:07, Watson Ladd wrote:
> On Wed, Jan 15, 2014 at 12:33 PM, Salz, Rich <rsalz at akamai.com> wrote:
>>> I never said they were evil, but it might be evil to reinterpret words to defend the indefensible, dunno.
>>
>> Perhaps you haven't.  But others have.
>>
>>> As has been repeatedly mentioned in this list, RSA were tricked.  They and the people within were not evil nor are they evil.
>>> Rather, *there but for the grace of the crypto gods go we all*.
>>
>> Agree.  So why is a boycott a good thing?  Why punish someone for being tricked?  (Not specifically directed to Ian).  It seems to me the better object lesson is one of the strongest cryptography companies in the world (at the time) was tricked into possibly making many of their customers vulnerable.  How can we move forward from this?
>
> Because your job as a cryptography company is not to be tricked, and
> to exercise the judgement your client is hiring you to exercise in
> their interests. If you can't or won't do it, you shouldn't take the
> money of your customer. 2007 should have seen an immediate rush to fix
> the problem. But instead they left their clients vulnerable to a known
> weakness for 6 years, in exchange for millions of dollars. If they
> were accountants or lawyers, they would be in jail for something
> similar.

Agree.

Also, while we don't have details of the contract, RSA have not denied 
the initial charge - that they were paid $10 million to include 
something as their default. Doesn't matter what.

That's not what they are supposed to be paid for - they are supposed to 
be paid to protect their customers' secrets.

And accepting money to do something which might detract from that - 
heck, something which could have no other likely reason for the payment 
than being a backdoor - if there is another possible reason for NSA 
making the payment I haven't heard about or thought of it - is fraud, 
pure and simple.

It's probably some other crimes as well.


A few years ago I was overwhelmed to see Whit Diffie, Ron Rivest and Adi 
Shamir at an RSA conference. Today - not so. I'd like to see them all 
refuse to attend.

I'd also like to see a permanent boycott, not just for one year - 
forever, destroy RSA, both the company (make EMC sell it, to wither) and 
the conference - which would at least generate another conference of 
standing similar to what RSA once had.


Hmmm, re moral rights in copyright - could one of R, S or A prevent EMC 
from using their initials?

-- Peter Fairbrother


