Phill,

On 10/21/13 10:21 PM, Phillip Hallam-Baker wrote:
>
> Whether we like it or not, this is now part of the distrust landscape
> we have to deal with when designing technical solutions.

I agree with this statement. It reminds me of a famous statement: trust but verify. The only method we have to deal with the sort of interference we've read about is our open and transparent processes (it's one of the reasons draft-resnick-consensus is very important, by the way). Nobody has anything better to offer, nor will they have.

> If people want technologies like DNSSEC/DANE or RPKI to be deployed in
> practice they are going to have to answer the difficult questions
> about how cryptography is used to concentrate power over the Internet
> infrastructure by a very narrow range of institutions, most of which
> are ultimately under US govt. control.

To this we can only say that if the U.S. attempted to exert that control, it would be widely noticed, and it would quickly lead to changes.

>
> On past vulnerabilities, it would seem that the NSA has delivered a
> paltry return if very much of that $250mil was spent on subverting
> standards. At best they have one borked random number generator that
> Ferguson spotted was bjorked back in 2007 and Bruce blogged on, a
> couple of PKIX holes that they maybe helped keep open. That's hardly a
> return on investment to be proud of.

Two things:

1. $250 million probably doesn't account for everything that was done.
2. I would expect that this was a relatively small portion of what was spent.

>
>
> Another hypothesis is that much of that money was spent for the
> purposes it should have been spent on - protecting US cyber
> infrastructure from attack i.e. cyberdefense but that the expenditures
> were written up as cyber attack because that is what was prized during
> the Alexander years at the NSA.

Who knows? Does it matter from an IETF perspective? Does it change the attack surface discussion in a formal sense?

Eliot
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
