On 9/6/2013 1:05 PM, Perry E. Metzger wrote:
I have re-read the NY Times article. It appears to only indicate that this was *a* standard that was sabotaged, not that it was the only one. In particular, the Times merely indicates that they can now confirm that this particular standard was sabotaged, but presumably it was far from the only target.

WEP was so bad it's hard to think anyone could have done that intentionally.
OTOH, stupidity usually wins out over malice. Besides, I don't believe that WEP
fits the other attributes of the story.

But seriously, sabotage can manifest itself in a lot of different ways. Perhaps their
HUMINT promoted attitudes of jealously and backstabbing. Those means would
likely be more efficient means to get something you want. Eventually everyone gets weary and will agree on practically anything even if it isn't near optimal,
especially it it had been suggested early on and then discarded because the
committee decided they could do better. There's also politics, bribes, and other
gratuity they might offer.

There's more than one one to dumb down standards besides just suggesting
the wording of some crypto details which is what everyone seems to be
assuming they did. Maybe all they did was encourage an dumb idea that
someone else offered.

Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein
The cryptography mailing list

Reply via email to