On Mon, Oct 21, 2013 at 12:12 PM, Stephen Kent <[email protected]> wrote:
> PHB,
>
> > There are a bunch of changes to PKIX that were blocked for quite some
> > time. The opposition coming from a cabal of DoD etc. contractors. This
> > opposition has proven ultimately futile since the industry has decided to
> > ignore the specification and set its own standards in two cases.
>
> A cabal? Gee, do members have secret handshakes and a secret clubhouse? That
> sounds like fun. Can I join? Oh, you're saying that I *am* a member!
>
One of the issues that has been raised in the government world is how do we convince people looking in that the IETF specs have not been contaminated by some of the alleged $250 mil/yr being spent on such purposes. This is not a theoretical problem or even a new one, but it is one that has been ignored in the past and is now going to be very much harder to ignore.

Whether we like it or not, this is now part of the distrust landscape we have to deal with when designing technical solutions. If people want technologies like DNSSEC/DANE or RPKI to be deployed in practice they are going to have to answer the difficult questions about how cryptography is used to concentrate power over the Internet infrastructure by a very narrow range of institutions, most of which are ultimately under US govt. control.

Now you can dismiss the conspiracy theories as nonsense, but these are now conspiracy theories which are believed by the heads of government in some very large and significant countries. Countries that have the ability to decide Internet standards within their borders for themselves if they choose. So anyone who is proposing to deploy cryptographic infrastructures who does not take these issues into account is likely wasting their time at best, or may at worst provoke those governments to fracture the Internet rather than allow entrenchment of existing powers.

If we try to look at the situation from their point of view, what do we see? On past vulnerabilities, it would seem that the NSA has delivered a paltry return if very much of that $250mil was spent on subverting standards. At best they have one borked random number generator that Ferguson spotted was borked back in 2007 and Bruce blogged on, and a couple of PKIX holes that they maybe helped keep open. That's hardly a return on investment to be proud of.

Another hypothesis is that much of that money was spent for the purposes it should have been spent on - protecting US cyber infrastructure from attack, i.e. cyberdefense - but that the expenditures were written up as cyber attack because that is what was prized during the Alexander years at the NSA. So even if we see future documents come out naming names or programs, they don't necessarily mean what they might say.

--
Website: http://hallambaker.com/
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
