[Cryptography] Boing Boing pushing an RSA Conference boycott

ianG iang at iang.org
Wed Jan 15 14:28:49 EST 2014


On 15/01/14 21:29 PM, Salz, Rich wrote:
>> Also, we have the fact that they ignored the warnings that came out about DUAL_EC, from around 2007 - 2013.
>> In short, their highly regarded cryptographic experts were not deployed, not available, not on that job.
> 
> Perhaps their experts had different opinions.


Could have been, but that isn't the case.  There is enough background
info to conclude that the experts were not consulted on the deal.  Not
that it makes much difference, remember the clanger.


> Or perhaps the marketing literature you quoted was somewhat exaggerated; wow, like that's never happened before.


There are some things that can be exaggerated ... and some things that
can't be passed off as mere bluster and marketing.

https://en.wikipedia.org/wiki/I_know_it_when_I_see_it


> It's easy to look backwards and say "they must have been evil."


I never said they were evil, but it might be evil to reinterpret words
to defend the indefensible, dunno.

As has been repeatedly mentioned in this list, RSA were tricked.  They
and the people within were not evil nor are they evil.

Rather, *there but for the grace of the crypto gods go we all*.

(You're right about the looking back part for myself, I never even heard
of a DUAL_EC before this blew up.)


> But unless you were there, or can read minds, that's just an opinion.


As has been mentioned, we are in a different space - the attacker
refuses to play fair with us and appear in court to answer our
prosecution.  No discovery is possible.  He will lie, prevaricate,
deceive, and perjure, ignore orders to reveal.

We cannot therefore rely on the standard of "beyond reasonable doubt"
without committing a willful blindness ourselves.

This won't change.  I therefore choose not to be willfully blind, and
use a weaker standard.  Balance of probabilities is suggested for civil
cases, and that seems to be a good working metric.

Anyone of course can decide to insist on a smoking gun -- beyond
reasonable doubt.  But we're dealing with an attacker that isn't that
stupid.

Should we be?  If you choose that path, all power to you, but you've
taken yourself and your opinion out of the game.  Sorry about that.



iang

