[perpass] stronger crypto requirements
Lucy Lynch <llynch@civil-tongue.net> Thu, 05 September 2013 22:03 UTC
Return-Path: <llynch@civil-tongue.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2D6421F9034 for <perpass@ietfa.amsl.com>; Thu, 5 Sep 2013 15:03:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iqQxBcb9GHaQ for <perpass@ietfa.amsl.com>; Thu, 5 Sep 2013 15:03:29 -0700 (PDT)
Received: from hiroshima.bogus.com (hiroshima.bogus.com [IPv6:2001:418:1::80]) by ietfa.amsl.com (Postfix) with ESMTP id B59B521F8EC3 for <perpass@ietf.org>; Thu, 5 Sep 2013 15:03:29 -0700 (PDT)
Received: from hiroshima.bogus.com (localhost [127.0.0.1]) by hiroshima.bogus.com (8.14.3/8.14.3) with ESMTP id r85M3S1h052906 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <perpass@ietf.org>; Thu, 5 Sep 2013 15:03:29 -0700 (PDT) (envelope-from llynch@civil-tongue.net)
Received: from localhost (llynch@localhost) by hiroshima.bogus.com (8.14.3/8.14.3/Submit) with ESMTP id r85M3SSB052903 for <perpass@ietf.org>; Thu, 5 Sep 2013 15:03:28 -0700 (PDT) (envelope-from llynch@civil-tongue.net)
Date: Thu, 05 Sep 2013 15:03:28 -0700
From: Lucy Lynch <llynch@civil-tongue.net>
X-X-Sender: llynch@hiroshima.bogus.com
To: perpass@ietf.org
Message-ID: <alpine.BSF.2.00.1309051501520.47262@hiroshima.bogus.com>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Subject: [perpass] stronger crypto requirements
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Sep 2013 22:03:31 -0000
may be in order: https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption says in part: " Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method. Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members. Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.” “Eventually, N.S.A. became the sole editor,” the memo says. " - Lucy
- [perpass] stronger crypto requirements Lucy Lynch
- Re: [perpass] stronger crypto requirements Randy Bush
- Re: [perpass] stronger crypto requirements Lucy Lynch
- Re: [perpass] stronger crypto requirements Stephane Bortzmeyer
- Re: [perpass] stronger crypto requirements Yoav Nir
- Re: [perpass] stronger crypto requirements Yoav Nir