Reverse engineering an open source version here is a nice thought, but....
MS still controls the.NET framework definition. Because it is a proprietary standard, they can easily change it to where Linux runs poorly or does not have features available to those on a Win 2K platform.
What would have been nice would have been for MS to open the Framework to a real standards board.
Glad to see you protected yourself with the flamesuit.:)
Every day thousands of geeks and perhaps dozens of terrorists send back and forth messages that have been encrypted. The geek messages may be frivolous, just simple messages about life and groceries and the kids and other trivial things. Even if they have a right to, there's no real reason for geeks to encode these things. Big Brother doesn't give a rats ass about what you're writing.
I would agree with you about Big Brother not caring about what average people write. However, the greatest user of crypto these days are businesses either to protect their internal communications (VPN, SSL), infrastructure (SSH) or financial transactions (SSL). (Note: I just selected a few examples, there are undoubtedly more.)
There was a very good discussion a couple of days ago about how France tried to control the use of crypto, much to their chagrin. From what I recall, the US security agency through Echelon managed to break what weak crypto was allowed and share corporate knowledge with American companies. I hope everyone read it.
What will that do to Foreign companies trying to do business in the US?
The idea isn't to stop the criminals from using crypto; it's to make it a slightly faster process to DEcrpyt their stuff.
Would you want to do business over the internet or with companies knowing that your purchases and financial records were prone to being "decrypted slightly faster" through some unknown process?
And knowing that the government probably would require the services of M$ (insert other companies) to successfully integrate this feature. Would you as a competitor trust they would not use this knowledge against you? Or if it is shared amongst all competitors would it turn out to be as secure as DeCSS which was I believe broken due to the bad programming of one member?
(And privately, I wonder about the viability of Linux/*BSD in face of what would prove to be a vital feature component that would be probably illegal to implement through Open Source)
How do you put the genie back into the bag now that it is out?
It only punishes the innocent user as criminals are likely to continue using it
How do you enforce it? Do you enact a law similar to the U.K. where you are obligated to give up your keys upon request? Again, only punishes the innocent as a criminal is less likely to oblige as it would further incriminate themselves. What about a Constitutional issue of self-incrimination?
Wouldn't it create a "standards" barrier with the rest of the world who won't necessarily have to follow the U.S. cipher?
What would be done to insure the new "cipher" was improved as technology advanced. We all saw the problems the 40 and 56 bit cipher restrictions caused in just a few years time. Even 128 bit encryption is coming close to being easily broken. Let's not talk about DeCSS.
How will the government insure that their backdoor will not be used by third parties to compromise the "secure" transaction? Would you feel comfortable knowing that Banks were using a cipher with a known backdoor? How long would it take before this knowledge became common knowledge.
Katz gave a pretty good synopsis of what I saw happening.
Bush's response to the situation was incredibly lackluster and ambiguous. Obvious leadership from the federal level was missing. Bush was avoiding the spotlight, Cheney was also silent. Bush obviously neglected his most important role, that of the Leader of the people of the United States. I don't mean CEO or Manager, I mean Leader.
Lest you don't think it important, look at WWII. Both the Royal Family and Churchill chose to lead very public lives during the worst times of the London Blitz. That simple act provided an immense amount of solace and comfort to the British people and helped keep them going during those dark days.
All in all, I was more impressed by Mayor Giuliani than I was by Bush.
It is also very easy to understand the claims of hiding. Before Bush left Barksdale AFB, all commercial traffic was accounted for with most planes already on the ground or being diverted to Canada. The "credible" threat mentioned by the Whitehouse PR spokesman seems to be more spin-doctoring than reality. It just doesn't seem conceivable anyone - particularly when the attack was so well planned - would use a hijacked airliner to attack a small, moving target. Nothing has been mentioned of other, credible, attack methods.
As for being "in touch", doesn't Air Force One have the necessary communication and control capabilities necessary to run full fledged operations?
Slashdot Mirror
Reverse engineering an open source version here is a nice thought, but.... MS still controls the .NET framework definition. Because it is a proprietary standard, they can easily change it to where Linux runs poorly or does not have features available to those on a Win 2K platform.
What would have been nice would have been for MS to open the Framework to a real standards board.
Glad to see you protected yourself with the flamesuit. :)
I would agree with you about Big Brother not caring about what average people write. However, the greatest user of crypto these days are businesses either to protect their internal communications (VPN, SSL), infrastructure (SSH) or financial transactions (SSL). (Note: I just selected a few examples, there are undoubtedly more.)
There was a very good discussion a couple of days ago about how France tried to control the use of crypto, much to their chagrin. From what I recall, the US security agency through Echelon managed to break what weak crypto was allowed and share corporate knowledge with American companies. I hope everyone read it.
What will that do to Foreign companies trying to do business in the US?
Would you want to do business over the internet or with companies knowing that your purchases and financial records were prone to being "decrypted slightly faster" through some unknown process?
And knowing that the government probably would require the services of M$ (insert other companies) to successfully integrate this feature. Would you as a competitor trust they would not use this knowledge against you? Or if it is shared amongst all competitors would it turn out to be as secure as DeCSS which was I believe broken due to the bad programming of one member?
(And privately, I wonder about the viability of Linux/*BSD in face of what would prove to be a vital feature component that would be probably illegal to implement through Open Source)
Katz gave a pretty good synopsis of what I saw happening.
Bush's response to the situation was incredibly lackluster and ambiguous. Obvious leadership from the federal level was missing. Bush was avoiding the spotlight, Cheney was also silent. Bush obviously neglected his most important role, that of the Leader of the people of the United States. I don't mean CEO or Manager, I mean Leader.
Lest you don't think it important, look at WWII. Both the Royal Family and Churchill chose to lead very public lives during the worst times of the London Blitz. That simple act provided an immense amount of solace and comfort to the British people and helped keep them going during those dark days.
All in all, I was more impressed by Mayor Giuliani than I was by Bush.
It is also very easy to understand the claims of hiding. Before Bush left Barksdale AFB, all commercial traffic was accounted for with most planes already on the ground or being diverted to Canada. The "credible" threat mentioned by the Whitehouse PR spokesman seems to be more spin-doctoring than reality. It just doesn't seem conceivable anyone - particularly when the attack was so well planned - would use a hijacked airliner to attack a small, moving target. Nothing has been mentioned of other, credible, attack methods.
As for being "in touch", doesn't Air Force One have the necessary communication and control capabilities necessary to run full fledged operations?