They did get a variant of this into OpenSSL. A USG contractor paid for it.
Conversation
So, it was for FIPS, and was anyone using it other than the US government / contractors? They *were* using across multiple products themselves, right?
1
I don't need to be convinced that they've tried to subvert cryptography but rather that they would approach it by openly and publicly tying themselves to it while pushing it primarily for US government / contractor usage, not others.
1
In OpenSSL it was for FIPS. For Dual EC and Juniper it was the default in all devices.
You plant a thousand flowers and hope that some will bloom. Some did bloom.
1
2
And I can see how that could fit together, but you're talking about it as if it's certain and as if you know Salter was involved in orchestrating it. So, she knew about it and agreed to take the fall for whatever happened since it was her name being attached to it this way?
2
I’ve been down every road and at the end of every road there is evidence of a crime.
Did a crime occur? I think so.
Did Margaret Salter commit it? I don’t know. Her name is on one of the (metaphorical) guns used to commit the crime.
My goal is to surface this. End story.
2
3
> Did Margaret Salter commit it? I don’t know. Her name is on one of the (metaphorical) guns used to commit the crime.
And I agree with you on that. It doesn't look good for her. It feels seriously wrong sending a mob after her based on what's known about it though. That's all.
1
1
“Sending a mob after her” sounds seriously dramatic. But let’s exit the soap opera and be clear what will happen.
In six months Salter will still be healthy and fine and almost certainly gainfully employed at Amazon in a job which has (I’m told) a 1.2m/yr salary.
1
2
I’m not saying this because I begrudge her an incredibly generous salary. I’m saying this because, now that you’ve conceded the serious nature of the *potential* ethical transgression, I want you to be realistic about what is happening here.
1
1
If I’m wrong and something happens to her extremely lucrative and gainful employment, I’m happy to pay you $500 cash but only conditioned on the fact that you also agree to pay the same if she suffers no employment consequences at all.
1
I don't think she's going to suffer employment consequences but rather will receive misguided death threats, etc. based on something she quite possibly didn't do and is unlikely to have actually proposed / orchestrated if she did. She was the public face of it, sure.
I don't think Amazon cares either way. It could be public that she did do this with actual hard evidence for it and it wouldn't mean they wouldn't hire her. They probably prefer employees willing to do unethical things for them. I'm not complaining cause I think she'll be fired.
1
1
So this person probably did bad things, by your argument. There will be no meaningful consequences regarding the actual position of trust. But some rando might hypothetically do something bad so we must not publicly discuss it.
2
1
Show replies
I think this is a crappy set of standards. Sure there won’t be any consequences in any way that matter but the knowledge of the fact that there is a problem here will induce evil people to make threats.