[Cryptography] Boing Boing pushing an RSA Conference boycott

[Sean Lynch]

On Wed, Jan 15, 2014 at 12:33 PM, Salz, Rich <rsalz at akamai.com> wrote:

> > I never said they were evil, but it might be evil to reinterpret words
> to defend the indefensible, dunno.
>
> Perhaps you haven't.  But others have.
>
> > As has been repeatedly mentioned in this list, RSA were tricked.  They
> and the people within were not evil nor are they evil.
> > Rather, *there but for the grace of the crypto gods go we all*.
>
> Agree.  So why is a boycott a good thing?  Why punish someone for being
> tricked?  (Not specifically directed to Ian).  It seems to me the better
> object lesson is one of the strongest cryptography companies in the world
> (at the time) was tricked into possibly making many of their customers
> vulnerable.  How can we move forward from this?
>

So, if I hire a security guard, and an unauthorized individual "tricks"
them into letting them past and then steals all that stuff, should I let
that guard keep their job? The job of the security guard is NOT to be
tricked, and the job of RSA was to keep their users safe. They fell down on
the job, and many of us don't feel that the harm to their reputation will
be sufficient when it's primarily execs who know nothing about security
making purchasing decisions. Security companies need to be AFRAID of making
the same mistake. They should quake in their boots at the mere thought of
being perceived as cooperating with the government.

Personally, I'd like to see RSA obliterated and its shares worth zero and
all of its executives left destitute. Boycotting the conference is a tiny
token act compared to what should really happen when a security company
doesn't just fail in its core mission but does exactly the opposite to its
customers of what it promised.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140117/96aa90ab/attachment.html>