[6915] in cryptography@c2.net mail archive


Re: IP: Gates, Gerstner helped NSA snoop - US Congressman

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Thu Apr 13 18:21:26 2000

From: "Steven M. Bellovin" <smb@research.att.com>
To: Matt Blaze <mab@crypto.com>
Cc: Rick Smith <rick_smith@securecomputing.com>,
        "R. A. Hettinga" <rah@shipwright.com>, cryptography@c2.net,
        Jim Gillogly <jim@acm.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 13 Apr 2000 17:30:52 -0400
Message-Id: <20000413213112.BB1BA35DC2@smb.research.att.com>

In message <200004131948.PAA16409@fbi.crypto.com>, Matt Blaze writes:

>> But I still don't believe there are secret back-doors in commercial OSes
>> because such things are too hard to keep secret. And I think the Lotus
>> incident is more evidence that NSA isn't going to try to keep something
>> like that secret since they can't depend on it staying secret.
>
>I agree, assuming we're talking about *deliberate* back doors.  But,
>as we all know all too well, the major commercial OSs have repeatedly
>proven to ship with bugs (and default configurations) that make them
>vulnerable to all kinds of mischief, secret back doors or not.

Precisely.  Remember that NSA et al. -- as well as the industry of the country 
they're trying to protect -- use those same systems.  I don't think they'd 
take the risk of such a back door leaking; it would endanger too many other 
systems.
>
>But this is a problem more believably attributed to the usual software bloat,
>bad quality assurance practices, incompetent programming, and overly
>aggressive schedules, than to the secret influence of spies.

Precisely.


		--Steve Bellovin



