----- Original Message ----- From: "bear" <[EMAIL PROTECTED]>
[Talking about Microsoft Passport...] > But it's even worse than that, because people who > ought to know better (and people who *DO* know better, their own > ethics and customers' best interests be damned) are even *DEVELOPING* > for this system. It just doesn't make any damn sense. It does make some sense. The more people who are developing the system who know better, the more they may influence higher management. I'm sure that you know that in a big company like Microsoft, it's not the developer, architect or cryptographer that decides what is shipped out, but managers who don't care about security but more about $. The more security-conscious people who start working for Microsoft, the better, they will have more power to influence the decisions of higher management. Microsoft has the most widely used software products, it's a good place for someone to try to influence good security practices. If you are a security person or cryptographer, you can either decide to work for some small company which has good security practices and your opinions be highly considered, but their products not widely spread, or for a big company with widely spread products but which has bad security practices, and try to change things (even though your opinions are less considered). In which case does the security person or cryptographer have the most impact on the world of software security? --Anton --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
