IETF Logo Mail Archive

Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

Nico Williams <nico@cryptonector.com> Tue, 02 October 2018 21:15 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C250813120C for <saag@ietfa.amsl.com>; Tue, 2 Oct 2018 14:15:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zEELTKwgEV73 for <saag@ietfa.amsl.com>; Tue, 2 Oct 2018 14:15:44 -0700 (PDT)
Received: from pdx1-sub0-mail-a33.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C94B131259 for <saag@ietf.org>; Tue, 2 Oct 2018 14:15:44 -0700 (PDT)
Received: from pdx1-sub0-mail-a33.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a33.g.dreamhost.com (Postfix) with ESMTP id B49608017A; Tue, 2 Oct 2018 14:15:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=a1fsDW7tSVv8W/ RAoi/QU4BsxZI=; b=l69VVrBd6v1GKIhbvIcrCOf79Zm0YKwfWQ+zFYhDoKMz03 h5mxulFETq/jcBX6oVOpejLQKcPjYh/k8A0ZPV+oTwsJ7cwSSTeiV5E+op7vCjFq payrGBcHXIJuxsyg1ECj6g2H2IAPhgQCjDVxI2T86LsVOB/kzm/PJvBA4nKgQ=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a33.g.dreamhost.com (Postfix) with ESMTPSA id 67E0580179; Tue, 2 Oct 2018 14:15:41 -0700 (PDT)
Date: Tue, 02 Oct 2018 16:15:39 -0500
X-DH-BACKEND: pdx1-sub0-mail-a33
X-DH-BACKEND: pdx1-sub0-mail-a33
From: Nico Williams <nico@cryptonector.com>
To: Carl Wallace <carl@redhoundsoftware.com>
Cc: Paul Wouters <paul@nohats.ca>, saag@ietf.org
Message-ID: <20181002211538.GJ2164@localhost>
References: <alpine.LRH.2.21.1810021055160.25461@bofh.nohats.ca> <D7D94F2D.C22E0%carl@redhoundsoftware.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <D7D94F2D.C22E0%carl@redhoundsoftware.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/At-EO40xHQZGVSTEuRfnFQDqKQc>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Oct 2018 21:15:52 -0000

On Tue, Oct 02, 2018 at 04:41:06PM -0400, Carl Wallace wrote:
> What's the difference between a nation state profile and a similar or same
> profile that has been marshaled through a commercial entity?

None, of course.

I don't object to having codepoint assignments for all sorts of
cryptographic algorithms from various nation states and even
corporations.

I also don't object to FYI publications of these, though presumably any
nation state or large corporation could setup their own SDOs, therefore
we perhaps should not lend then either the ISE's nor the IETF nor
RFC-Editor's resources -- we just can't really refuse IANA resources.

What we should want is for required-to-implement algorithms to be ones
we reasonably believe are secure, and we should pick those for reasons
other than national origin of said algorithms.  We should make these
decisions on a case-by-case basis, as we long have.

Nico
--

v2.23.0 | Report a Bug | By Email