[Cryptography] Opening Discussion: Speculation on "BULLRUN"

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Sep 5 21:50:54 EDT 2013


"Perry E. Metzger" <perry at piermont.com> writes:

>At the very least, anyone whining at a standards meeting from now on that
>they don't want to implement a security fix because "it isn't important to
>the user experience" or adds minuscule delays to an initial connection or
>whatever should be viewed with enormous suspicion.

I think you're ascribing way too much of the usual standards committee
crapification effect to enemy action.  For example I've had an RFC draft for a
trivial (half a dozen lines of code) fix for a decade of oracle attacks and
whatnot on TLS sitting there for ages now and can't get the TLS WG chairs to
move on it (it's already present in several implementations because it's so
simple, but without a published RFC no-one wants to come out and commit to
it).  Does that make them NSA plants?  There are drafts for one or two more
fairly basic fixes to significant problems from other people that get stalled
forever, while the draft for adding sound effects to the TLS key exchange gets
fast-tracked.  It's just what standards committees do.

(If anyone knows of a way of breaking the logjam with TLS, let me know).

Peter.

