[Cfrg] NSA sabotaging crypto standards
"Manger, James" <James.H.Manger@team.telstra.com> Thu, 06 February 2014 15:00 UTC
Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5EBB1A012E for <cfrg@ietfa.amsl.com>; Thu, 6 Feb 2014 07:00:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.202
X-Spam-Level:
X-Spam-Status: No, score=-0.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, RCVD_IN_DNSWL_NONE=-0.0001, RELAY_IS_203=0.994] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A3rAVDLEugbZ for <cfrg@ietfa.amsl.com>; Thu, 6 Feb 2014 07:00:19 -0800 (PST)
Received: from ipxcno.tcif.telstra.com.au (ipxcno.tcif.telstra.com.au [203.35.82.208]) by ietfa.amsl.com (Postfix) with ESMTP id A8E431A0116 for <cfrg@irtf.org>; Thu, 6 Feb 2014 07:00:18 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.95,793,1384261200"; d="scan'208";a="172789360"
Received: from unknown (HELO ipcani.tcif.telstra.com.au) ([10.97.216.200]) by ipocni.tcif.telstra.com.au with ESMTP; 07 Feb 2014 02:00:17 +1100
X-IronPort-AV: E=McAfee;i="5400,1158,7340"; a="146989758"
Received: from wsmsg3702.srv.dir.telstra.com ([172.49.40.170]) by ipcani.tcif.telstra.com.au with ESMTP; 07 Feb 2014 02:00:16 +1100
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by WSMSG3702.srv.dir.telstra.com ([172.49.40.170]) with mapi; Fri, 7 Feb 2014 02:00:16 +1100
From: "Manger, James" <James.H.Manger@team.telstra.com>
To: "Eggert, Lars" <lars@netapp.com>
Date: Fri, 07 Feb 2014 02:00:09 +1100
Thread-Topic: NSA sabotaging crypto standards
Thread-Index: AQHPIsre7dMajC0+eUin/ZQFR4FNZ5qoVxyA///oesA=
Message-ID: <255B9BB34FB7D647A506DC292726F6E1153AE65F2E@WSMSG3153V.srv.dir.telstra.com>
References: <20140203192451.6268.76511.idtracker@ietfa.amsl.com> <7af2f9df96e5867d493c614806235363.squirrel@www.trepanning.net> <CACsn0cm1f-P95je5AbEbZ02Ut3+HM7Hx28P6j46TqE-=06eZDg@mail.gmail.com> <52F00EF3.3040505@cisco.com> <CACsn0c=zS5GKex3eF_hKgTsL1kH=TiBi3iAP9oMrJ9hDQcT4Gw@mail.gmail.com> <7BAC95F5A7E67643AAFB2C31BEE662D018B81B7DE5@SC-VEXCH2.marvell.com> <CACsn0cn0TaHsDkyN2ewOorxxBzXivCg=QGR-ZnBiC3nJhvhpRg@mail.gmail.com> <14AB44E0-4C90-4E4C-A656-885A31CF4C02@checkpoint.com> <CACsn0cmDT-FAN8uMZ0w8TX6GKPAZjnrexLeFQd7QhRfoY6AGFQ@mail.gmail.com> <75e1e853dc391b418062ee5e51adeb2f.squirrel@www.trepanning.net> <CABqy+sr7ZKrACj4Ga2_75d9Kea0aKbrp2P5fWWu4YZP53zijxw@mail.gmail.com> <CACsn0cmS152wYQWHiX8ykzaMM=6b=r=fwVuLfPj_u0wmoq0jKw@mail.gmail.com> <7BAC95F5A7E67643AAFB2C31BEE662D018B81B7F7C@SC-VEXCH2.marvell.com> <CACsn0c=a5PvZOZgVRjHaJ2avGCPHF6b6nOpNh+iT0909X-jUFA@mail.gmail.com> <52F23D52.4090509@cisco.com> <EFA9E215-3B01-43C6-A8F0-3F98E3ED2E26@netapp.com> <255B9BB34FB7D647A506DC292726F6E1153AD4CF05@WSMSG3153V.srv.dir.telstra.com> <3E30D764-7E19-45DB-9D6D-63949F5B36CB@netapp.com>
In-Reply-To: <3E30D764-7E19-45DB-9D6D-63949F5B36CB@netapp.com>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-AU
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: [Cfrg] NSA sabotaging crypto standards
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Feb 2014 15:00:21 -0000
>> could you take a minimal stand against the sabotage of crypto >> standards by the NSA. I'm glad other IETF groups are trying to address >> pervasive surveillance with technical measures, but we also know: the >> NSA has sabotaged crypto standards; they have not told us which >> standards bodies or which specifications are affected; they haven't >> told us the nature of the sabotage. The NSA have tarnished a lot of >> work by our standards community on improving internet security. In this >> situation it is totally untenable for an NSA employee to chair this >> crypto standards group. Make it clear that an organization cannot both >> sabotage our work and have their employees openly participate in our >> civil community. > The CFRG is not a standards group. It does not produce standards. These look and smell like standards to me, and this is where they are worked on. draft-irtf-cfrg-advice draft-irtf-cfrg-augpake draft-irtf-cfrg-cipher-catalog draft-irtf-cfrg-cwc draft-irtf-cfrg-dragonfly draft-irtf-cfrg-fast-mac-requirements draft-irtf-cfrg-icm draft-irtf-cfrg-kdf-uses draft-irtf-cfrg-ocb draft-irtf-cfrg-rhash draft-irtf-cfrg-tmmh draft-irtf-cfrg-ust draft-irtf-cfrg-zss draft-irtf-cfrg-zssbn draft-mcgrew-aead-* ... > It's > discussions and documents may influence IETF standards, but those > discussions happen in IETF working groups governed by the IETF process. > This is important, because not all of the IETF rules apply to the IRTF, > see RFC2014. (For example, IRTF research groups need not come to > consensus on their output.) > > As an individual, I am fully in favor of making widespread wiretapping > as difficult and costly as possible, and I am very supportive of > anything the IETF and IRTF can do here. NSA have been sabotaging crypto standards. This is separate from widespread wiretapping. > That said, replacing Kevin Igoe as co-chair of the CFRG is not an > action that will get us any closer towards that goal. Removing Kevin Igoe will be a concrete statement that we find the NSA sabotage of crypto standards unacceptable. It will also make it just that bit more difficult and costly for future sabotage of standards. Not because Kevin is no longer a chair, but by making it just a little bit harder for the NSA to attract budding cryptographers, who will be just a bit more wary of joining the NSA when it might crimp their ability to contribute to forums such as CFRG. > Please see my > detailed reply to Trevor for why; the short version is that I don't > believe that Kevin (or David, for that matter) have any greater > influence over the output of the research group than other > participants. They don't have any veto rights, or an ability to > suppress contributions or discussions, or a way to mandate certain > outcomes. Of course chairs have some greater influence, but that it not particularly relevant. Removing Kevin is a signal about sabotaging standard. > Our best defense against IRTF and IETF work being subverted is > transparency, and getting as much review from as diverse a group of > people as possible. That is one defence. Another one is to add one more factor for the NSA to weigh when they next consider sabotaging crypto. If Kevin is removed they are more likely to remember that it harms their remit to improve security, and harms their employees. > Eliminating groups of people from participating > because of their current or past employment status, or based on whom > they consulted for or took research grants from weakens that open > process. We are not eliminating groups, we are saying we strongly object to one organization's actual behaviour. My understanding is that Kevin Igoe is a current employee of the NSA, paid (at least in part) to work on crypto standards. >past employment status >consulted for >took research grants No one is suggesting anything about those categories. Listing them feels like an attempt to invoke an imaginary slippery slope as an excuse not to act. > Lars -- James Manger
- [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-03.t… internet-drafts
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Dan Harkins
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Watson Ladd
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… David McGrew
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Watson Ladd
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… David McGrew
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Dan Harkins
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Paul Lambert
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Watson Ladd
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Dan Harkins
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Yoav Nir
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Watson Ladd
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Mike Hamburg
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Dan Harkins
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Robert Ransom
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Watson Ladd
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] 2^40. I can't exhibit it, but it exist… Paul Lambert
- Re: [Cfrg] 2^40. I can't exhibit it, but it exist… Michael Hamburg
- Re: [Cfrg] 2^40. I can't exhibit it, but it exist… Watson Ladd
- [Cfrg] publishing dragonfly (was: Re: 2^40. I can… David McGrew
- Re: [Cfrg] publishing dragonfly (was: Re: 2^40. I… Eggert, Lars
- Re: [Cfrg] publishing dragonfly (was: Re: 2^40. I… Manger, James
- Re: [Cfrg] publishing dragonfly (was: Re: 2^40. I… Eggert, Lars
- [Cfrg] NSA sabotaging crypto standards Manger, James
- Re: [Cfrg] NSA sabotaging crypto standards Alexandre Anzala-Yamajako
- Re: [Cfrg] how can CFRG improve cryptography in t… Rob Stradling
- Re: [Cfrg] NSA sabotaging crypto standards Eggert, Lars
- Re: [Cfrg] NSA sabotaging crypto standards Watson Ladd
- Re: [Cfrg] NSA sabotaging crypto standards Paul Hoffman
- Re: [Cfrg] NSA sabotaging crypto standards Watson Ladd
- Re: [Cfrg] NSA sabotaging crypto standards Paul Hoffman
- Re: [Cfrg] NSA sabotaging crypto standards David McGrew
- Re: [Cfrg] NSA sabotaging crypto standards Dan Harkins
- Re: [Cfrg] NSA sabotaging crypto standards Watson Ladd
- Re: [Cfrg] how can CFRG improve cryptography in t… David McGrew
- Re: [Cfrg] NSA sabotaging crypto standards Nikos Mavrogiannopoulos
- Re: [Cfrg] NSA sabotaging crypto standards Watson Ladd
- Re: [Cfrg] NSA sabotaging crypto standards Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] NSA sabotaging crypto standards Watson Ladd
- [Cfrg] how can CFRG improve cryptography in the I… David McGrew
- Re: [Cfrg] how can CFRG improve cryptography in t… Daniel Kahn Gillmor
- Re: [Cfrg] NSA sabotaging crypto standards Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] how can CFRG improve cryptography in t… Hannes Tschofenig
- Re: [Cfrg] how can CFRG improve cryptography in t… Rene Struik
- Re: [Cfrg] how can CFRG improve cryptography in t… Stephen Farrell
- Re: [Cfrg] how can CFRG improve cryptography in t… dan
- Re: [Cfrg] how can CFRG improve cryptography in t… Watson Ladd
- Re: [Cfrg] how can CFRG improve cryptography in t… Daniel Kahn Gillmor
- Re: [Cfrg] how can CFRG improve cryptography in t… David McGrew
- Re: [Cfrg] how can CFRG improve cryptography in t… Stephen Farrell
- Re: [Cfrg] how can CFRG improve cryptography in t… Tom Ritter
- Re: [Cfrg] how can CFRG improve cryptography in t… Igoe, Kevin M.
- Re: [Cfrg] how can CFRG improve cryptography in t… Hannes Tschofenig
- Re: [Cfrg] how can CFRG improve cryptography in t… Hannes Tschofenig
- Re: [Cfrg] how can CFRG improve cryptography in t… Hannes Tschofenig
- Re: [Cfrg] how can CFRG improve cryptography in t… David McGrew
- Re: [Cfrg] how can CFRG improve cryptography in t… Paul Lambert
- Re: [Cfrg] how can CFRG improve cryptography in t… Watson Ladd
- Re: [Cfrg] how can CFRG improve cryptography in t… Rene Struik
- Re: [Cfrg] how can CFRG improve cryptography in t… Geoffrey Waters
- Re: [Cfrg] how can CFRG improve cryptography in t… S Moonesamy
- Re: [Cfrg] how can CFRG improve cryptography in t… David McGrew