[EMAIL PROTECTED] wrote:
> At 04:01 PM 3/17/00 -0800, Ed Gerck wrote:
>
> >The guys that reverse engineered CyberPatrol seemed to believe that
> >"security" can justify trespassing. I think we need to ponder about
> >the fallacy of it, as if the end could justify the means.
>
> Not trespass. Regardless of law, anything I purchase is mine to do as I
> see fit, including resale, rental or reverse engineering. Period.
>
> Regardless of law, anything I can detect from my property is mine to listen
> to, decrypt and enjoy.
I agree with you that different models may be used in different situations.
In this regard, however, the user is always free NOT to use it if the software
producer decides to declare reverse engineering out of bounds. The producer
is licensing the program, not the technology behind it.
BTW, reverse enginering is not the trump card to find the proverbial rat
hairs in the apple sauce either, because we would also need to check the
OS, the firmware, etc. At the end, we are trusting many different things --
and we need to trust them exacrtly because we cannot measure them.
A solution that I favor is to promote peer review and open protocols,
if not source code, so that at least we know what security model is being
used, we know the test vectors, etc.
This approach may also have a better chance to provide a middle ground
for different situations since it does not intrude so much into the
developer's right to privacy and intellectual property protection --
if so desired/necessary.
Cheers,
Ed Gerck
