On Mon, Jul 06, 2026 at 10:58:54PM +0300, Orr Dunkelman wrote: > Again, we see that the NSA did not really take any responsibility about the > DUAL EC DBRG nor its Bullrun project. As you may have read Matthew Green's > summary (which I do hope we agree is not just a cryptographer wanna-be > playing so on the internet), it is not that the NSA came clean about the > deliberate devastation of cryptographic standards. So if the Canadian > equivalent of that project won the internal argument, do you see we need to > know who those people are? What are their objectives?
While I agree with your points, the thing we can't really do is say "fool us once, shame on you, fool us twice, shame on us and we'll never work with you again" -- not that we can't morally do that, but that the leviathan is probably best fought in other ways. Like all active attackers they get to try, and we can't stop them trying. We can detect the attack, and here the detection is just reputational -- that would work if the would-be attackers were private actors, but with nation-states it's a little trickier because if they get too pissed off they might resort to the rubber hoses that we can't resist. Ergo publishing as RECOMMENDED=N is a reasonably safe option. And if it turns out that that 'they' are fooling us for a third/nth time, well, oh well. It's not like refusing to publish is really an option given that the codepoints are assigned and other SDOs are willing to publish -- the horse has left the barn. But if 'they' should indeed be mounting an attack, the public will find out, and 'their' reputation will be further tarnished (for whatever that's worth). Nico -- _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
