[perpass] stronger crypto requirements

Lucy Lynch <llynch@civil-tongue.net> Thu, 05 September 2013 22:03 UTC


may be in order:



https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption

says in part:

" Simultaneously, the N.S.A. has been deliberately weakening the 
international encryption standards adopted by developers. One goal in the 
agency’s 2013 budget request was to “influence policies, standards and 
specifications for commercial public key technologies,” the most common 
encryption method.

Cryptographers have long suspected that the agency planted vulnerabilities 
in a standard adopted in 2006 by the National Institute of Standards and 
Technology, the United States’ encryption standards body, and later by the 
International Organization for Standardization, which has 163 countries as 
members.

Classified N.S.A. memos appear to confirm that the fatal weakness, 
discovered by two Microsoft cryptographers in 2007, was engineered by the 
agency. The N.S.A. wrote the standard and aggressively pushed it on the 
international group, privately calling the effort “a challenge in 
finesse.”

“Eventually, N.S.A. became the sole editor,” the memo says. "

- Lucy