[Cryptography] The Trust Problem

tpb-crypto at laposte.net tpb-crypto at laposte.net
Thu May 22 12:49:07 EDT 2014


> Message of 22/05/14 17:08
> From: "ianG"
>
> Claims are also important because it sets a statement that can be tested
> over time. So what is the cost of a broken claim? Can a company put a
> credible claim on the table?
> 
> Skype's broken security claim has cost them what? Embarrassment for
> Microsoft and Skype, I guess. But the former cares little, and the
> latter is probably happy with the phone market.
> 
> What would happen if there were real fallout? RSA suffered quite a lot
> -- so some say -- when their DUAL_EC behaviour came out. NIST have been
> red-faced. But still we don't see much in the way of measurable damages.
> 
> Sometimes, false marketing claims are tested in court, typically in a
> class-action suit or against a data protection regulator. Sometimes
> these claims win through and damages are awarded.
> 
> So maybe a new signal is to prepare specific claims that can be tested
> in court? If we can keep the lawyers from watering them down (which is
> the normal signal) and make them aligned with customer needs enough,
> would that work?
> 

My home town has a McDonald's and a few years ago the sanitary department ticketed them a heavy fine, demanded they close for a week and clean the mess, because they found all kinds of critters in their deposit and kitchen.

Two days after it reopened I went there for a snack and started to call my friends while eating. Their reactions ran from funny to scared, but one thing I told them stuck to this day: "Wasn't the place cleaned yesterday? So what could be a better day than after the cleaning to have some snack free from roach wings?"

I found people use a similar approach to most things. Namely, if RSA was caught red-handed they must be working to amend themselves right now, so it is time to help and buy from them.

Yet, having a third party (the sanitary department) give a green-light regarding a clean kitchen is very different from a company promising to do better and still sell you some very complex and big pieces of software a few days later. One can bet his pinkie they haven't revised crap and are just praying you don't ask too many questions ...

... but regarding Skype, most everyone that I know ceased to use it since the Microsoft takeover.

RSA and Skype are too different cats to put in the same bag.

