Are we conflating back doors in implementations with back doors in protocol specifications? It's certainly a conceptual possibility for there to be a back door in a protocol specification, but I don't recall ever hearing about one. On the other hand, back doors, both intended and unintended, in the software that implements protocols, are legion.

Steve

On Sep 20, 2013, at 11:25 AM, jnc@xxxxxxxxxxxxxxxxxxx (Noel Chiappa) wrote:

>> From: Martin Sustrik <sustrik@xxxxxxxxxx>
>
>> Isn't it the other way round? That exactly because IETF process is open
>> it's relatively easy for anyone to secretly introduce a backdoor into a
>> protocol?
>> ...
>> With IETF standard there can very well be several unknown backdoors
>> introduced by different parties, so it's never safe.
>
> Iff enough people are _carefully_ reviewing specs, that ought to find all the
> backdoors. An open process does have potential issues, but it's also the one
> with the best chance of producing a 'good' product.
>
>> That being said, wouldn't it make more sense to admit that IETF is not
>> a good platform for devising, say, crypto protocols and act accordingly
>> (use 3rd party protocols ...)?
>
> You mean, trust another entity, which might have been suborned? How are they
> less likely to have produced something without backdoors than the IETF?
>
> Noel