Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-07 Thread Samuel Weiler

On Thu, 5 Sep 2013, Phillip Hallam-Baker wrote:

* Allowing deployment of DNSSEC to be blocked in 2002(sic) by 
blocking a technical change that made it possible to deploy in 

As an opponent of DNSSEC opt-in back in the day, I think this is a 
poor example of NSA influence in the standards process.

I do not challenge PHB's theory that the NSA has plants in the 
IETF to discourage moves to strong crypto, particularly given John 
Gilmore's recent message on IPSEC, but I doubt that the NSA had any 
real influence on the DNSSEC opt-in debacle of 2003.

First, DNSSEC does not provide confidentiality.  Given that, it's not 
clear to me why the NSA would try to stop or slow its deployment.

Second, as I look at the people who opposed opt-in and the IETF 
working group chairs who made the decision to kill it, I don't see 
likely NSA stooges.  The list of opponents during working group last 
call was so short [1] (as compiled by PHB, back in the day) that I 
thought the working group chairs got the consensus call wrong.  The 
DNSEXT chairs were Randy Bush and Olafur Gudmundsson.  In previous 
years, Olafur had worked for TIS Labs, which had taken plenty of DoD 
money over the years.  Even so, I do not suspect he was influenced by 
the NSA.  Randy has taken money from DHS in more recent years, but I'm 
even more convinced he was not an NSA stooge.  (Randy was the chair 
issuing the opt-in last call and writing the summary.)

Third, many of the opt-in opponents in 2003 seemed to be pretty 
convinced that the lowered security guarantees and extra complexity of 
opt-in were nothing more than a subsidy for Verisign, which could just 
as well throw more money at the problem of signing its large zones. 
One might plausibly argue that Verisign's push for opt-in (and its 
later push for NSEC3) was itself a stalling tactic.  One might even go 
further and say that Verisign initiated such stalling at the behest of 
the NSA.  I would not make that argument, but it is at least as 
plausible as an argument that the opt-in opponents or WG chairs were 
NSA stooges.

Lastly, the US DoD was funding some amount of work on DNSSEC at the 
time (i.e., my own participation).  During that timeframe, significant 
progress was being made on the deployability of DNSSEC, and I think 
the DoD funding helped.  Depending on your whims, you could either 
credit DoD for helping or blame them for not providing even more 
funding, which might have made for faster progress.

So, again, while PHB's general theory might have merit, I think the 
DNSSEC opt-in example is not on point.

Disclosures: I was deeply involved in the IETF's DNSEXT working group 
during this time, and my funding came from non-NSA bits of DoD.  I am 
not aware of any NSA influence in my funding, and I felt no NSA 
pressure in the work I was doing.  I was a vocal opponent of opt-in, 
but in the end I chose to step aside and let it advance.[2]

-- Samuel Weiler



The cryptography mailing list

Re: English 19-year-old jailed for refusal to disclose decryption key

2010-10-08 Thread Samuel Weiler

On Thu, 7 Oct 2010, Nicolas Williams wrote:

If decryption results in plaintext much shorter than the ciphertext -much 
shorter than can be explained by the presence of a MAC- then it'd be fair to 
assume that you're pulling this trick.

Not to argue with your overall point re: crypto not protecting citizens from 
their states, but I disagree with the above in the case of truecrypt, which is 
what was being discussed.

I have many unencrypted drives (or partitions) that are only partially 
full. It's quite plausible that an encrypted drive would not be very 
full.  (I thought I might need more space later. or well, I had all 
of this space...)

Moreover, possession of software that can do double encryption could be 
considered probable cause that your files are likely to be encrypted with it.

There's a lot of software I use daily which has features I never touch.  I use 
the alpine MUA, but I never have it fetch mail from a POP server, I don't use 
message scroing, etc.  Maybe the suspect selected truecrypt because it works on 
all of linux, MacOS and Windows, unlike so many other such tools.  And is free, 
unlike BestCrypt.  There are many plausible reasons for selecting that tool 
that have nothing to do with the double encryption feature.

-- Sam

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to