Re: Transparency in Specifications and PRISM-class attacks

On Fri, Sep 20, 2013 at 11:25 AM, Noel Chiappa <jnc@xxxxxxxxxxxxxxxxxxx> wrote:
    > From: Martin Sustrik <sustrik@xxxxxxxxxx>

    > Isn't it the other way round? That exactly because IETF process is open
    > it's relatively easy for anyone to secretly introduce a backdoor into a
    > protocol?
    > ...
    > With IETF standard there can very well be several unknown backdoors
    > introduced by different parties, so it's never safe.

Iff enough people are _carefully_ reviewing specs, that ought to find all the
backdoors. An open process does have potential issues, but it's also the one
with the best chance of producing a 'good' product.

It is not necessarily a backdoor.

Maybe it is encouraging the IETF to produce two email infrastructures that are incompatible rather than just one.

Maybe it is blocking attempts to make the DNSSEC root not a monolithic, single rooted hierarchy under control of a body that only exists due to a contract with the US government.

Maybe it is whispering in the ears of both sides in the DNSSEC OPT-IN debacle to ensure that no compromise was possible.

Maybe it is arguing against allowing PKIX Name constraint extensions that are not marked critical and are thus compatible with Safari.

Encouraging a stalemate that prevents fixing a security hole in a protocol might be the way these people are working.


Oh, and I spoke to someone who has seen the documents this week. From what he said, it would not surprise me at all for one part of the NSA to be trying to sabotage a standards effort while other government agencies, possibly the NSA, are attempting to do the opposite.

The right hand does not know what the left is doing. These systems are heavily compartmentalized and subdivided internally. The result is that they are operating with little overall knowledge and little accountability.


The Krell had a similar problem with their Great Machine.

--
Website: http://hallambaker.com/
