
Re: Wired query on Windows 2000 and DES/3DES



On Mon, May 15, 2000 at 07:46:14PM -0400, Declan McCullagh wrote:
> I just got off the phone with MS.

	[...]

> * They say their customers like it: "no one has disputed this or questioned 
> this. clearly the customers must think this is a proper approach, rather 
> than some people who come from a philosophical background that you manage 
> policy from the end system and not the directory."

	Whoa!  Time out!  There is a fundamental brain fart right there.
This ranks right up with the old "silent majority" nonsense.  Nobody
disputes it or questions it, because nobody is informed of it.  So from
their (Microsoft's) point of view, if you keep it below the users' radar by
not telling them what you are doing, they must therefore approve of what
you are doing.  IS THAT what they are saying?  Unfortunately, that's
consistent with their attitude on a lot of things.  Hide it so the user
doesn't know what's going on (even if it doesn't work) and then claim that
nobody complains about it, so they must all like it (or, in the case
of scripting and other nonsense, they demand it as a feature).

	Cryptography, at its best, is quite subtle.  It's very easy to
deceive or confuse the end user or hide what the little man is doing
behind the curtain.  How would anyone dispute or question what they are
doing if they didn't tell anyone (or buried the explanation so deep that
only the most desperate insomniac would ever find it).  The absence of
complaints does NOT imply the approval of the users.  It really implies
the deliberate, orchestrated, and calculated ignorance of the users.  When
someone finally DOES dig down and find the truth, then they wear the hair
shirt and complain that no one else has complained.  Well fine.  Someone
has to be first and someone has to bring to light what they have kept
hidden through subtle subterfuge.  It may be there in the documentation,
but is it something that the AVERAGE user is likely to ever discover,
or are they more likely to trust what the fancy point and click GUIs
are telling them?  One is a bald-faced liar, even if the other is literally,
but surreptitiously, true.

	Heinlein once wrote that there are two ways of lying artfully.
One is to tell the truth, you just don't tell all of it.  The other is
to tell the truth, but you tell it so badly that nobody believes you.
Which is this?  I don't know.  But they may have told the truth, but
the users were lied to...

> Any thoughts? I'm writing my article now.

> -Declan

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!


