[Cryptography] Cue the blamestorming

Phillip Hallam-Baker hallam at gmail.com
Fri Apr 18 14:28:52 EDT 2014


On Thu, Apr 17, 2014 at 8:12 PM, ianG <iang at iang.org> wrote:

> https://lobste.rs/s/3utipo/openbsd_has_started_a_massive_strip-down_and_cleanup_of_openssl/comments/fkwgqw

We also need a documentation fix. Bad documentation is a canary for bad code.

This might have been fixed but we all assumed that there was no
problem. Nobody in OpenSSL was telling us they needed help.


>> And the fact that the US govt. which
>> we thought was making a significant contribution to COMSEC through the
>> NSA turns out to have spent less than 0.5% of its budget on COMSEC
>> standards related activities and most of that went into sabotage.
>
> Yes, that particular misinformation campaign has been revealed.  I'm not
> sure who it was aimed at tho...

Problem is that it is really impossible for an organization to address
two incompatible goals. We now know that SIGINT was the overwhelming
priority to the effective exclusion of all COMSEC.


>> We also need to bring government resources to bear because there are
>> some things that are really hard to achieve in either a commercial or
>> a volunteer model.
>
> That's not a sufficient reason.  You'd also have to show that the
> government can do a better job, rather than make a bigger mess.  I err
> on the latter, so I'm interested to hear claims to the former.

I was just in Turkey for the opening of the new CyberDefense program
at METU in Ankara. Comodo is backing the program but commercial
entities can't back such programs without government support. It has
to be a partnership.

I can back individual projects but they will inevitably be seen as
backing one particular commercial position. We need government funding
as well.

If I don't like what is on offer from one, I'll pick another.




-- 
Website: http://hallambaker.com/

