On Fri, Sep 20, 2013 at 11:25 AM, Noel Chiappa
<jnc(_at_)mercury(_dot_)lcs(_dot_)mit(_dot_)edu>wrote:
> From: Martin Sustrik <sustrik(_at_)250bpm(_dot_)com>
> Isn't it the other way round? That exactly because IETF process is
open
> it's relatively easy for anyone to secretly introduce a backdoor
into a
> protocol?
> ...
> With IETF standard there can very well be several unknown backdoors
> introduced by different parties, so it's never safe.
Iff enough people are _carefully_ reviewing specs, that ought to find all
the
backdoors. An open process does have potential issues, but it's also the
one
with the best chance of producing a 'good' product.
It is not necessarily a backdoor.
Maybe it is encouraging the IETF to produce two email infrastructures that
are incompatible rather than just one.
Maybe it is blocking attempts to make the DNSSEC root not a monolithic,
single rooted hierarchy under control of a body that only exists due to a
contract with the US government.
Maybe it is whispering in the ears of both sides in the DNSSEC OPT-IN
debacle to ensure that no compromise was possible.
Maybe it is arguing against allowing PKIX Name constraint extensions that
are not marked critical and are thus compatible with Safari.
Encouraging a stalemate that prevents fixing a security hole in a protocol
might be the way these people are working.
Oh and I spoke to someone who has seen the documents this week. From what
he said it would not surprise me at all for one part of the NSA to be
trying to sabotage a standards effort while other government agencies,
possibly the NSA is attempting to do the opposite.
The right hand does not know what the left is doing. These systems are
heavily compartmentalized and subdivided internally. The result is that
they are operating with little overall knowledge and little accountability.
The Krell had a similar problem with their Great Machine.
--
Website: http://hallambaker.com/