Actually Roland is right when he says:
If folks are unhappy with the current state of affairs, they ought to
concentrate on writing laws, not code.
Randy is being his usual self and playing devils advocate, which is
fine, but doesn't move the ball (or is simply self-serving).
In any event, we *all* need to raise our game, because we are not as
clever as we think we are.
- ferg
On 9/8/2013 1:12 AM, Dobbins, Roland wrote:
On Sep 8, 2013, at 2:58 PM, Randy Bush wrote:
>cool. then i presume you will continue to run using rc4 and rsa 1024.
The point is that no matter what crypto algorithms are developed and
implemented, it's generally trivial for authorized (for whatever value of
'authorized' applies in a given situation) entities to obviate them by simply
compromising the endpoints under color of law, if nothing else.
If folks are unhappy with the current state of affairs, they ought to
concentrate on writing laws, not code.
--
Paul Ferguson
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington USA
IID --> "Connect and Collaborate" --> www.internetidentity.com
