[Cryptography] Gilmore response to NSA mathematician's "make rules for NSA" appeal

Stephen Farrell stephen.farrell at cs.tcd.ie
Sat Sep 28 13:07:48 EDT 2013

On 09/27/2013 05:30 AM, james hughes wrote:

> The thing that this list can effect is the creation of standards with
> a valuable respect for Moore's law and increases of mathematical
> understanding. Stated differently, "just enough security" is the
> problem. This past attitude did not respect the very probably future
> that became a reality.

I think there probably are some fair criticisms that we were a
bit complacent after the clipper and export stuff seemed to be
sorted out and the whole NIST/NSA thing with the AES and SHA-3
competitions seemed to be ticking over nicely.

> Are we going to continue this behavior? IMHO, based on what I have
> been seeing on the TLS list, probably.

That's more than a bit silly though IMO.

The sensible approach here is to a) see what's the best we can
do now with deployed code given that we know it takes years to
get anything near everything updated, but also b) figure out what
do we want to do, knowing that it'll take years for deployment
to happen no matter how small a change we make.

a) is Yaron's BCP draft
b) is TLS1.3 (hopefully) and maybe some extensions for earlier
   versions of TLS as well

Arguing for (b) only, and that we ignore (a) would be dumb.

For (a), we are entirely constrained in what we can do, basically,
the only thing we can do is say how to better configure already
deployed code.


> Jim
> _______________________________________________ The cryptography
> mailing list cryptography at metzdowd.com 
> http://www.metzdowd.com/mailman/listinfo/cryptography

More information about the cryptography mailing list