Whit Diffie Comments On .NET security

An Anonymous Coward writes: "Whit Diffie and Susan Landu (both of Sun Microsystems) comment on why .NET is a bad idea and is in many ways in conflict with the US political struture and ideals." This is a good read, but of course Sun has their own plans and motivations in this field.

Propietarity

[Khopesh]

Why one propietary language should be used over another ... kind of misses the point. I say they're both bad due to being closed and propietary.

What if?

[programic]

Sometimes I wonder what we'd all think of Sun if they were in the dominant position that Microsoft is currently in.

Even more interesting, I wonder how they would treat their competitors (and competitors ideas). It would be a different Sun, that's for sure.

Stuck In The Middle With You

[Brontosaurus+Jim]

I think Steeler's Wheel said it best when they sung "Stuck In The Middle With You"... as, in a way, we're stuck in the middle with Sun.

Microsoft and Congress are surrounding us, working either with monopoly power or governmental force, and, though nothing truly bad bas happened yet, it's only a matter of time.

This strange coalition isn't good for everyone though, and Sun is aware of that. At this point we (the Open Source People) should indeed be cautious of Sun, but not overly so. They have good reason to be with us on this, and we shouldn't be so quick to dismiss them

Not that we should worship them either... once we beat down Passport they'll probably come up with their own worse version.

But for now... hell... they're anti-passport, and right now that's all that matters...

Hmmm....

[jamis]

Sun used to put the dot in .COM .... What does Microsoft put in .NET?

Theft is not the true liability

[crumbz]

The fact that Microsoft software and consequently it's databases can be cracked is not the issue. The issue is that Microsoft is controlling the database itself. The whole is greater than the sum of its parts in this case. The sheer political will that can be wielded by Microsoft as enabled by a universal database is frightening.

At what point do the privacy activists have to take up guns (real or virtual) to stop this shit?

This isn't really a criticism of .NET.

[megabeck42]

They really aren't criticizing .NET languages, software, or architecture. Microsoft is positioning it's passport system to collect phenomenal amounts of information about people without their knowledge. Hence, the attack on privacy.

Read down to the bottom of the article

[Pinball+Wizard]

Diffie is also the co-inventor of public-key cryptography.

He's not "just a Sun employee" with a chip on his shoulder, he is a giant in his field. Give the guy the respect he deserves.

I suspect Whitt has a different point

[Zeinfeld]

Reading the article again I think it is quite likely that Whitt has quite a different target in mind from the one that people think.

Although Whitt 'invented' Public Key Cryptography he is not a cryptographer in the sense many on the list seem to think. He is not interested much in algorithms, of the 20 odd times I have heard him speak in public or private I can only recall one occasion where we were discussing an algorithm and that was in the context of the Venona decrypts.

Whitt's almost exclusive interest is public policy concerning privacy and security. While Whitt has probably cleared his talk through Sun's PR office he is quite obviously the instigator of the piece.

The point he is making is much broader than .NET, as I am sure Whitt will explain later on. For the time being however it makes tactical sense to identify the problems with newly proposed schemes even though the real exposure comes from existing databases.

What I believe Whitt is up to is re-interpreting the privacy concerns of the pre 9/11 world as security threats in the post 9/11 world.