[148625] in cryptography@c2.net mail archive
Re: [Cryptography] Fwd: [IP] RSA Response to Media Claims Regarding
daemon@ATHENA.MIT.EDU (Max Kington)
Mon Dec 23 10:35:55 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAOLP8p5F0cxLtbymp83MmwJwatVaDyMhWeFTP1UF2RSffZXAKw@mail.gmail.com>
Date: Mon, 23 Dec 2013 09:09:59 +0000
From: Max Kington <mkington@webhanger.com>
To: Bill Cox <waywardgeek@gmail.com>
Cc: Cryptography List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 23 Dec 2013 05:54, "Bill Cox" <waywardgeek@gmail.com> wrote:
>
> Does this mean RSA denies accepting $10M for making the NSA RNG the
> default in BSAFE? You did not say so in your post. So now RSA
> "categorically denies" entering into a secret contract with the NSA. If it
> wasn't secret, why didn't I hear about it? I'm pretty sure it would have
> made the geek news, and I may not be a crypto expert, but I follow geek
> news (slashdot would have burned RSA alive).

Unless I've missed it, what was the $10 million for?
Secret or not I can't see in that statement why they got it in the first
place. Is the implied suggestion really just to encourage RSA to be early
adopters of the EC based RNG? If so why? And why so much money? If it was
purely technically better surely that case could be demonstrably made to
RSA (look it's better) and in due course NIST?
It does kind of lead to the obvious reason being that that case couldn't be
made and so as to pre-seed the market place before it going to NIST.
The legitimate business purpose I can guess was to pay RSA to spend the
time and money reviewing it and NSA wanted people to be more secure. Still,
ten million is a lot of money.
I'm surprised that question wasn't asked at RSA at the time. Perhaps it
was. Were questions like the following asked?
1) Are we being duped?
2) If so how?
3) Why?
Maybe they went in having reviewed it and couldn't see what was wrong.
After all even nearly ten years later people still can't put their finger
on exactly what the advantage is for the NSA.
I can imagine a world where RSA were suspicious but not being behind the
door concluded no foul play (they're not thick) or at the very least were
extremely hesitant to decline ten million dollars without providing the NSA
with a plausible and convincing reason.
'Sorry, we don't want your money because we think you're up to something,
our best and brightest can't work out what but we're unhappy enough to turn
down your money. Also please don't hold that against us when it comes to
all the other business we do'
As you say they might have been duped or they might have known or an
absolute myriad of circumstances in between.
M
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography