ietf

Re: Transparency in Specifications and PRISM-class attacks

2013-09-20 08:35:06
On Fri, Sep 20, 2013 at 6:20 AM, Harald Alvestrand 
<harald(_at_)alvestrand(_dot_)no> wrote:
> I'd like to snippet Phil's suggestion to an abbreviated version of one
> sentence, because I think this is right on.
>
> On 09/19/2013 05:37 PM, Phillip Hallam-Baker wrote:
>
>> The issue we need to focus on is how to convince our audience that our
>> specifications have not been compromised
>
> To my mind, the first thing to focus on is making our specs readable, so
> that it's possible to understand that they have not been compromised.

Who are you including in "our audience"?  There is no way, whether by
removing complexity or not, to make it possible for the average
network manager or BGP configurer to be certain that a particular
crypto method does not have the insidious influence of some shadowy
organization baked into it.  And if your audience is experts in the
field, then they probably don't see the complexity as complex.
Frankly I don't think Phillip's goal is possible except through
non-technical means such as open processes.
