[148409] in cryptography@c2.net mail archive
Re: [Cryptography] Kindle as crypto hardware
daemon@ATHENA.MIT.EDU (Bill Frantz)
Wed Dec 11 14:23:51 2013
X-Original-To: cryptography@metzdowd.com
Date: Wed, 11 Dec 2013 10:59:40 -0800
From: Bill Frantz <frantz@pwpconsult.com>
To: cryptography@metzdowd.com
In-Reply-To: <52A865F2.40908@iang.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 12/11/13 at 5:17 AM, iang@iang.org (ianG) wrote:
>But now it is policy. The DUAL_EC_DRBG is just the one we have
>the more or less complete picture on. A reasonable observer
>should be able to conclude that the SSL/PKI debacle is in the
>NSA's best interests, and this puts all of the PKIX and TLS and
>HTTPS-everywhere efforts under a cloud [2]. As is cloud :)
The evidence from the pieces of backdoored technology that NSA
has been involved in is that they prefer backdoors which they
can use and no one else can. Clipper has a specific NSA key to
encrypt the session key. DUAL_EC_DRBG had a similar feature.
These protocols remained "secure" from those that didn't have
the keys.
Note that many business organizations might be quite happy
knowing that NSA could read their traffic as long as NSA
maintains its "Never Say Anything" reputation. NSA's mistake was
passing information about criminal activities to law enforcement
rather than sticking to national security. That change of policy
scared many businesses, since a clever prosecutor can find
something illegal in almost any activity.
I think the SSL/PKI debacle speaks more of incompetence and a
strong desire to preserve a revenue model. NSA has just taken
advantage of what they found.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz | The first thing you need when | Periwinkle
(408)356-8506 | using a perimeter defense is a | 16345
Englewood Ave
www.pwpconsult.com | perimeter. | Los Gatos,
CA 95032
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography