[148806] in cryptography@c2.net mail archive
Re: [Cryptography] Fwd: [IP] RSA Response to Media Claims Regarding
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Sat Dec 28 13:31:53 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <52BF0D88.9070700@connotech.com>
Date: Sat, 28 Dec 2013 12:59:16 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Thierry Moreau <thierry.moreau@connotech.com>
Cc: Tom Mitchell <mitch@niftyegg.com>,
Cryptography List <cryptography@metzdowd.com>,
Bill Cox <waywardgeek@gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============1554645371572703213==
Content-Type: multipart/alternative; boundary=001a11c2662e12c58d04ee9bf83b
--001a11c2662e12c58d04ee9bf83b
Content-Type: text/plain; charset=ISO-8859-1
On Sat, Dec 28, 2013 at 12:42 PM, Thierry Moreau <
thierry.moreau@connotech.com> wrote:
>
>>
>> Today the rules and players are different.
>>
>
> But due to "the power of the installed base," the above-mentioned victory
> is still highly influential.
I think the mistake was a little subtler.
Back in the 1990s when we were fighting the cryptowars, the pass/fail
criteria for any crypto proposal was whether it resisted Louis Freeh's
wiretap ambitions. Which given that Freeh went on to facilitate a GOP coup
d'etat impeaching a President over a blow job was pretty damn important.
As a result we failed a lot of approaches that have delivered much more
real world security than the IETF projects ever have. The IETF was pushing
end-to-end solutions and rejecting anything that fell short of that ideal.
Meanwhile we passed a lot of security protocols that were unusable in the
real world. The IPSEC standard does not support NAT to this day. Only
implementations support NAT passthrough and they do so in ways that require
a huge amount of folklore to be known in order to make an interoperable
implementation.
We accepted a situation where we had two separate email specifications with
a disjoint set of features and called them both standards.
Meanwhile every power plant, water plant and chemical plant in the country
runs with no authentication on any of the sensor or control buses.
--
Website: http://hallambaker.com/
--001a11c2662e12c58d04ee9bf83b
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote">On S=
at, Dec 28, 2013 at 12:42 PM, Thierry Moreau <span dir=3D"ltr"><<a href=
=3D"mailto:thierry.moreau@connotech.com" target=3D"_blank">thierry.moreau@c=
onnotech.com</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div class=3D"im"><blockquote class=3D"gmail=
_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:=
1ex"><br>
<br>
Today the rules and players are different.<br>
</blockquote>
<br></div>
But due to "the power of the installed base," the above-mentioned=
victory is still highly influential.</blockquote><div><br></div><div>I thi=
nk the mistake was a little subtler.</div><div><br></div><div>Back in the 1=
990s when we were fighting the cryptowars, the pass/fail criteria for any c=
rypto proposal was whether it resisted Louis Freeh's wiretap ambitions.=
Which given that Freeh went on to facilitate a GOP coup d'etat impeach=
ing a President over a blow job was pretty damn important.</div>
<div><br></div><div>As a result we failed a lot of approaches that have del=
ivered much more real world security than the IETF projects ever have. The =
IETF was pushing end-to-end solutions and rejecting anything that fell shor=
t of that ideal.</div>
<div><br></div><div>Meanwhile we passed a lot of security protocols that we=
re unusable in the real world. The IPSEC standard does not support NAT to t=
his day. Only implementations support NAT passthrough and they do so in way=
s that require a huge amount of folklore to be known in order to make an in=
teroperable implementation.=A0</div>
<div><br></div><div>We accepted a situation where we had two separate email=
specifications with a disjoint set of features and called them both standa=
rds.</div><div><br></div><div><br></div><div>Meanwhile every power plant, w=
ater plant and chemical plant in the country runs with no authentication on=
any of the sensor or control buses.=A0</div>
<div><br></div><div>=A0</div></div>-- <br>Website: <a href=3D"http://hallam=
baker.com/">http://hallambaker.com/</a><br>
</div></div>
--001a11c2662e12c58d04ee9bf83b--
--===============1554645371572703213==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============1554645371572703213==--
