Re: Transparency in Specifications and PRISM-class attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The only back door necessary is the BGP4 route flap and private transport networks do the rest.

Todd

On 09/20/2013 09:02 AM, Noel Chiappa wrote:
     > From: Steve Crocker <steve@xxxxxxxxxxxx>

     > Are we conflating back doors in implementations with back doors in
     > protocol specifications?

Good point, but I was thinking specifically of protocol specs, since that's
what the IETF turns out.

     > It's certainly a conceptual possibility for there to be a back door in a
     > protocol specification, but I don't recall ever hearing about one.

Well, here's one I was just reading about this morning:

   Last week, the New York Times reported that Snowden's cache of documents
   from his time working for an NSA contractor showed that the [NSA] used its
   public participation in the process for setting voluntary cryptography
   standards, run by the government's National Institute of Standards and
   Technology, to push for a formula that it knew it could break.

   NIST, which accepted the NSA proposal in 2006 as one of four systems
   acceptable for government use

     http://www.reuters.com/article/2013/09/20/us-usa-security-snowden-rsa-idUSBRE98J02Z20130920

(The irony here is that NSA, which is supposed to ensure the security of
government communications, deliberately pushed a weakened system as "one of
four systems acceptable for government use" - probably because they worked out
that what's they'd lose by its use in a few cases non-critical cases [no doubt
they wouldn't OK its use in really crucial systems] was outweighed by what
they might gain from outside use.)

      Noel



--
Todd S. Glassey
Personal Disclaimers Apply





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]