[7131] in cryptography@c2.net mail archive
RE: Critics blast Windows 2000's quiet use of DES instead of 3DE
daemon@ATHENA.MIT.EDU (Trei, Peter)
Thu May 18 17:40:45 2000
Message-ID: <F504A8CEE925D411AF4A00508B8BE90A0391A2@exna07.securitydynamics.com>
From: "Trei, Peter" <ptrei@rsasecurity.com>
To: John Young <jya@pipeline.com>, "'L. Sassaman'" <rabbi@quickie.net>
Cc: John Gilmore <gnu@toad.com>, cryptography@c2.net,
"Trei, Peter" <ptrei@rsasecurity.com>
Date: Thu, 18 May 2000 09:31:40 -0400
MIME-Version: 1.0
Content-Type: text/plain
> ----------
> From: L. Sassaman[SMTP:rabbi@quickie.net]
> On Wed, 17 May 2000, John Young wrote:
>
> > While John may be speculating about NSA subversion of strong crypto,
> > specific examples of this would be very helpful. Here are a few firms
> > for consideration as candidates for today's Crypto AGs besides Microsoft
>
> > (meaning latest products, not those that have been suspected in the
> past):
> >
> > Cylink
> > IBM
> > Lotus
> > TIS
> > RSA
> > PGP
>
[...]
> Well, I can tell you that my NDAs do not cover secrecy agreements for
> compromises made with the NSA. If PGP were in any way compromised by the
> NSA (or any other party, for that matter) I would not be working here.
>
>
I'd like to concur with Mr. Sassaman. Many people who work at security
related firms have a major personal committment to the principle of
privacy - enough that I suspect that it would be near impossible for any
major firm to deliberately compromise their products, and keep the
fact secret.
Peter Trei
[Disclaimer: The above is my own opinion only; it may or may not
represent that of my employer, though I would hope that it does.-pt]
