[148577] in cryptography@c2.net mail archive


Re: [Cryptography] RSA is dead.

daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Sun Dec 22 16:13:04 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <52B6920B.4030905@iang.org>
Date: Sun, 22 Dec 2013 08:52:18 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Sun, Dec 22, 2013 at 2:17 AM, ianG <iang@iang.org> wrote:

>> But the point I want to make here is we need to avoid accusing people of
>> being in league with the devil when all they actually did was not ask
>> the right questions or enough questions.
>
> Absolutely, we need to separate the people from the problem.  Old Dutch
> expression:  go soft on the people, go hard on the problem.
>
> Nobody needs to accuse the RSA folk of being evil.  Nor should we accuse
> the NSA of being stupid, and to say they wouldn't do such things is simple
> ignorance.
>
> The NSA are very smart.  They know how to figure out the openings, what is
> possible.  They know how to convince someone who wants to be convinced.
> $10m makes someone want to be convinced.
>
> As I seem to be saying a lot, *it is their job* !  The NSA are spies,
> after all, and they're very good at it.  If this doesn't make any sense,
> read more spy novels -- there is a common thread, *the asset always loses*.
>

The job of the NSA was to make America safe. They have not been doing that
job at all.

Over the past twenty years the industrialized world has become dependent on
the net as a critical infrastructure. Without power and water it is not
possible to live in the urban population densities we live in today.
Without the net there is no food on the shelves of the supermarkets.


Instead of eliminating the vulnerabilities in the critical infrastructure,
the NSA has worked to make them bigger and create new ones.

The civil industry can't work with the agency that is meant to be working
on the same problems. The NSA has completely destroyed the trust that was
established.

I find it very hard to see who is going to be joining the NSA now. It used
to be that they were the only game in town if you wanted to do crypto. Then
they became a place where you would get paid rather less than in industry
but get to work with the best people and emerge with a stellar resume. Now
they are a place where you will be paid less than in the commercial crypto
world, you will be considered a pariah in your local community and your
resume will be toxic afterwards.


The NSA has become the crypto world equivalent of Fox 'News': once you work
there you can't work anywhere else in the industry.


> And, don't blame me for this rationale.  The NSA must be taught that if
> they wish to pervert a supplier, the responsibility for its failure must
> come back to the NSA.  The NSA brought RSA down.
>

No, the lesson is that nobody works with the NSA.

If the US government wants to do anything to protect the country against
cyber attack they are going to have to set up a civil run, civil led
organization to do the work.


-- 
Website: http://hallambaker.com/
