SM,
Hi Hannes,
At 23:14 21-10-2013, Hannes Tschofenig wrote:
In context of the cryptographic primitives we certainly have relied a
lot on NIST, which is reflected in the number of presentations at the
SAAG meetings.
We have made too few attempts to reach out to other communities (if
those even exist) to hear other views. I once talked to Bart Preneel,
who is involved in the European crypto community, to attend an IETF
meeting but (for whatever reason) it didn't work out.
Maybe that's something to think about?
There are several governments which rely on NIST. It's difficult to
say whether there will be a shift away from that.
NIST creates standards that are mandatory only for US Gov use. (Even
then it's standards may be waived by a gov
agency if the agency head believes the costs are too great.) However, I
agree that NIST crypto standards tend to
be widely adopted by folks around the world on a voluntary basis.
In this age of suspicion a single-source provider is not a good idea.
If the IETF decides to review and re-review its protocols it would be
good to have input from other communities (re. what you mentioned above).
The major NIST crypto standards are the result of solicitations that are
open to the world, at least
in the recent past.AES was developed by two Belgians. SHA-3 is the
result of work more Belgians.
Should we infer that NSA co-opted theseBelgian crypto experts?
I think it is appropriate to focus on specific NIST crypto standards
that may have been inappropriately influenced,
rather than assuming that every NIST crypto standard is suspect. So far,
the only NIST crypto standard I've seen for
which there appears to be an objectively-justified concern is the PRNG
based on ECC.
Steve
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
