[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sat, 7 Sep 2013, bad apple wrote:The cryptography mailing list has been a great resource for understandin the technical details and implications of recent revelations regarding the NSA.
This NSA business is the gift that just keeps on giving... there is no
bottom to this rabbit hole apparently.
http://www.mail-archive.com/cryptography@xxxxxxxxxxxx/msg12325.html
>From John Gilmore no less. Ouch.
In this particular case, I would like to hear the comments of other participants in those discussions.
I've followed a few IETF working groups (mostly as a lurker, and none were about actual crypto standards) and they tend to get pretty political. I've learned to take comments from participants, no matter how well respected they are, with a pinch of salt, unless backed up by others.
More generally, there has been a tendency to believe anything people who are "against the NSA" say, and to disbelieve everything the NSA says. Much as I understand that sentiment, I'm not sure if it's helpful.
The recent events should be a good lesson to scrutinize standards and implementations. But just because the NSA co-wrote or endorsed something, it doesn't mean it's weak. And likewise, just because the NSA says something is weak, it doesn't mean that it's something they can't break.
Martijn.
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq