Are we conflating back doors in implementations with back doors in protocol
specifications? It's certainly a conceptual possibility for there to be a back
door in a protocol specification, but I don't recall ever hearing about one.
On the other hand, back doors, both intended and unintended, in the software
that implements protocols, are legion.
Steve
On Sep 20, 2013, at 11:25 AM, jnc@mercury.lcs.mit.edu (Noel Chiappa) wrote:
> From: Martin Sustrik <sustrik@250bpm.com>
>
> Isn't it the other way round? That exactly because the IETF process is open
> it's relatively easy for anyone to secretly introduce a backdoor into a
> protocol?
> ...
> With an IETF standard there can very well be several unknown backdoors
> introduced by different parties, so it's never safe.
Iff enough people are _carefully_ reviewing specs, that ought to find all the
backdoors. An open process does have potential issues, but it's also the one
with the best chance of producing a 'good' product.
> That being said, wouldn't it make more sense to admit that IETF is not
> a good platform for devising, say, crypto protocols and act accordingly
> (use 3rd party protocols ...)?
You mean, trust another entity, which might have been suborned? How are they
less likely to have produced something without backdoors than the IETF?
Noel