Re: Transparency in Specifications and PRISM-class attacks


 



Are we conflating back doors in implementations with back doors in protocol specifications?  It's certainly a conceptual possibility for there to be a back door in a protocol specification, but I don't recall ever hearing about one.  On the other hand, back doors, both intended and unintended, in the software that implements protocols, are legion.

Steve

On Sep 20, 2013, at 11:25 AM, jnc@xxxxxxxxxxxxxxxxxxx (Noel Chiappa) wrote:

>> From: Martin Sustrik <sustrik@xxxxxxxxxx>
> 
>> Isn't it the other way round? That exactly because IETF process is open
>> it's relatively easy for anyone to secretly introduce a backdoor into a
>> protocol?
>> ...
>> With IETF standard there can very well be several unknown backdoors
>> introduced by different parties, so it's never safe.
> 
> Iff enough people are _carefully_ reviewing specs, that ought to find all the
> backdoors. An open process does have potential issues, but it's also the one
> with the best chance of producing a 'good' product.
> 
>> That being said, wouldn't it make more sense to admit that IETF is not
>> a good platform for devising, say, crypto protocols and act accordingly
>> (use 3rd party protocols ...)?
> 
> You mean, trust another entity, which might have been suborned? How are they
> less likely to have produced something without backdoors than the IETF?
> 
> 	Noel





