Re: [Cfrg] NSA re-org and its impact

Watson Ladd <watsonbladd@gmail.com> Wed, 03 February 2016 04:21 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/IohX6R69LHFejqqHLQ_uWnnbFqY>
Cc: cfrg@irtf.org, "saag@ietf.org" <saag@ietf.org>

On Tue, Feb 2, 2016 at 7:54 PM, Tony Arcieri <bascule@gmail.com> wrote:
> On Tue, Feb 2, 2016 at 12:14 PM, Salz, Rich <rsalz@akamai.com> wrote:
>>
>> The NSA is re-organizing to merge its signals intelligence (attack) and
>> information assurance (protect) into one unit. The NSA is, by US Law, the
>> official advisor to NIST on cryptography. NIST has a pretty admirable track
>> record of crypto (exceptions being mostly when they were misled by their
>> official expert). Things may change now. Or not. YMMV.
>
>
> At a time when NIST needs to restore trust, it would seem rather unwise for
> them to accept any unjustified parameters from the NSA like they did with
> Dual_EC_DRBG (and hopefully they prefer well-scrutinized, widely trusted
> standards such as the CFRG curves)
>
> Dual_EC_DRBG was a debacle, but short of the NSA making massive advances
> over the public sector in cryptography and therefore being able to hide a
> backdoor in plain sight it seems like the sort of trick they can only pull
> once...

Like putting MD5 into widespread deployment after Dobbertin's 1996 paper?
Or Dual EC post 2007? Or continuing to widely use TLS 1.0 post Bard's 2004
attack, and Bodo Moeller's cbc-attacks.txt? Or making IKEv2 and IKEv1
sufficiently baroque that the only widely deployable mode was easily
decryptable, then ensuring that VPN makers would tell their clients to
enable it. We've known about every public NSA attack on crypto years before
it happened.

The basic fact is people know things about crypto, and will tell you what
to do. And you do them, or you suffer the consequences. And to the extent
the IETF can't adapt to that, we need to take the letter E out and replace
it with B.

>
> This is clearly a bad development, but hopefully NIST learned its lesson the
> last time around.
>
> --
> Tony Arcieri

-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.