Re: Transparency in Specifications and PRISM-class attacks

On Fri, Sep 20, 2013 at 10:02 AM, Martin Sustrik <sustrik@xxxxxxxxxx> wrote:
On 19/09/13 17:59, Hannes Tschofenig wrote:

I am personally not worried that the standardization work in the IETF
can be sabotaged by governments since our process is open, and
transparent to everyone who cares to see what is going on.

Isn't it the other way round? That exactly because IETF process is open it's relatively easy for anyone to secretly introduce a backdoor into a protocol?

I mean, NSA does security screenings, holds people legally responsible if they defect etc. So, if I have an NSA-devised protocol, I am almost sure there's at most 1 backdoor there.

Absolutely not.

We know that the process failed with Snowden. We do not know where else it failed.

You will note that I am not criticizing the NSA, I am criticizing the current management. 

 
If I am afraid of KGB, the protocol may work well for me. With IETF standard there can very well be several unknown backdoors introduced by different parties, so it's never safe.

If you are working for the Brazilian government then you are probably not going to be happy with either prospect. 

The Web is an international resource. It does not belong to one government or country.

 
That being said, wouldn't it make more sense to admit that IETF is not a good platform for devising, say, crypto protocols and act accordingly (use 3rd party protocols, make it mandatory for new protocols to enable pluggable crypto etc.)?

Pluggable crypto is not a good idea. We are pretty sure we know how to do algorithms now; our recent failures have come from the pluggability infrastructures.

Pluggable trust models is where we need to go. We are not going to have a ubiquitous email security infrastructure unless we can move past the S/MIME vs PGP stalemate. One has deployment, the other mindshare. We should have built one infrastructure capable of supporting both trust models rather than two competing proposals.


I see PRISM as an opportunity for us. We have a once-in-a-decade opportunity to revisit our biggest security failure: email. We have two infrastructures that are 95% there. We do not need to redo that 95%, we need to remove some stuff that's in the way and add in the missing 10%.

--
Website: http://hallambaker.com/
