[147815] in cryptography@c2.net mail archive
[Cryptography] A different explanation of the Snowden documents
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Tue Oct 22 20:08:49 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 22 Oct 2013 15:34:49 -0400
From: Phillip Hallam-Baker <hallam@gmail.com>
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============5382730161108625238==
Content-Type: multipart/alternative; boundary=001a1134598472c42204e9597e45
--001a1134598472c42204e9597e45
Content-Type: text/plain; charset=ISO-8859-1
We have all seen what happens when an organization have a clear set of
priorities, a set of aggressive metrics used to evaluate progress and an
'up or out' culture: The middle managers massage the figures to meet the
metrics.
So China might be going through an economic boom or a bust but the official
figures won't show the difference because they bear no relation to reality.
Are the leaked NSA documents possibly the result of the same cultural
effect?
I am specifically thinking of claims like the purported vulnerabilities
introduced into security specs. So far we have detected the NIST random
number generator but that was spotted at the time. There are a few areas
where DoD contractors have dominated IETF process but the result has not
been to block changes to the standard, the standards have instead been set
outside IETF process.
So I see the following possibilities
1) The NSA documents are genuine
2) The NSA documents are a hoax
3) The NSA documents are the result of structural self delusion.
I discount 2 and at least some documents are describing real programs. But
I am starting to think that some of the programs maybe work about as well
as that missile defense scheme they have never tested without fudging the
result so it succeeds.
Imagine you are a Major in the NSA and Alexander has taken over and the
only way he knows to win a war is to destroy the opposition (rather than
not start it). You have ten years of working constructively with the IETF
etc. to improve the security of Internet standards. How do you present your
work?
--
Website: http://hallambaker.com/
--001a1134598472c42204e9597e45
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">We have all seen what happens when an organization have a =
clear set of priorities, a set of aggressive metrics used to evaluate progr=
ess and an 'up or out' culture: The middle managers massage the fig=
ures to meet the metrics.<div>
<br></div><div>So China might be going through an economic boom or a bust b=
ut the official figures won't show the difference because they bear no =
relation to reality. Are the leaked NSA documents possibly the result of th=
e same cultural effect?</div>
<div><br></div><div><br></div><div>I am specifically thinking of claims lik=
e the purported vulnerabilities introduced into security specs. So far we h=
ave detected the NIST random number generator but that was spotted at the t=
ime. There are a few areas where DoD contractors have dominated IETF proces=
s but the result has not been to block changes to the standard, the standar=
ds have instead been set outside IETF process.</div>
<div><br></div><div>So I see the following possibilities</div><div><br></di=
v><div>1) The NSA documents are genuine</div><div><br></div><div>2) The NSA=
documents are a hoax</div><div><br></div><div>3) =A0The NSA documents are =
the result of structural self delusion.=A0</div>
<div><br></div><div>I discount 2 and at least some documents are describing=
real programs. But I am starting to think that some of the programs maybe =
work about as well as that missile defense scheme they have never tested wi=
thout fudging the result so it succeeds.</div>
<div><br></div><div><br></div><div>Imagine you are a Major in the NSA and A=
lexander has taken over and the only way he knows to win a war is to destro=
y the opposition (rather than not start it). You have ten years of working =
constructively with the IETF etc. to improve the security of Internet stand=
ards. How do you present your work?<br clear=3D"all">
<div><br></div>-- <br>Website: <a href=3D"http://hallambaker.com/">http://h=
allambaker.com/</a><br>
</div></div>
--001a1134598472c42204e9597e45--
--===============5382730161108625238==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============5382730161108625238==--
