[Cryptography] Conferences, committees, compliance

Arnold Reinhold agr at me.com
Sun Jan 19 17:47:29 EST 2014


On Jan 19, 2014, at 3:42 AM, ianG <iang at iang.org> wrote:

> Today's devil's advocacy post...
> 
> 
> On 19/01/14 02:22 AM, Arnold Reinhold wrote:
>>> On 2014-01-18 04:28, Arnold Reinhold wrote:
>>>> 3. If I were working for NSA tasked with disrupting the
>>>> independent cryptographic community's response to the Snowden
>>>> revelations, I'd be hard pressed to come up with a better idea than
>>>> a boycott of the RSA conference.
>>> 
>>> Seems to me that the independent cryptographic community's response to
>>> the Snowden revelations is Jon Callas and Daniel Bernstein.  How does
>>> boycotting RSA adversely affect them and what they are doing?
>> 
>> So Jon and Daniel have it all taken care of?
> 
> 
> To a surprising extent, yes.  Certainly in comparison to the committees,
> conferences, and also the compliance processes, yes.
> 
> Possibly this is just self bias, but I've been yammering on about things
> like single modes and single algorithms and single architects for yonks,
> and now these guys are starting to do it.  Have a look at CAESAR -- this
> ground shift away from 'perfect' block ciphers has only occurred in the
> last decade or so.  Why did that take so long?
> 
> My answer is this:  cryptographers and cryptoplumbers have really only
> started talking together seriously in the last decade or so.
> 
> Conferences, committees, compliance processes didn't help that -- they
> interfered with it.
> 
> (C3 considered evil?)

If new cryptography is going to have any chance to roll back the mass surveillance state, it will have to make its way into commercial use. Getting broad acceptance requires dealing with committees and compliance processes.  Boutique cryptography solutions only give the security agencies smaller haystacks in which to search for troublemaker needles.

Single modes and single algorithms and single architects is a terrific goal, but CAESAR (a committee, by the way) won't have a final portfolio until the end of 2107 (tentative). And how long after that to gain broad acceptance? And what critical vulnerability in AES-GCM will they solve that we should wait that long to even start agreeing on a single algorithm suite? 

> 
> 
>> We can just relax, and their admirable work, which solves all known and still undiscovered problems, will make its way into every security product by the sheer weight of its superiority?  No protocol issues to resolve? No need for people looking for weaknesses to brainstorm possible attacks? No need for people who are working on similar problems to meet and share issues and solutions? No need for those who still don't get it to hear from those who do? 
> 
> 
> If you look back on C3, ask what notable results have come out ... list
> them out ... and then look at what the builders have achieved by
> themselves.  As just plain engineers.
> 
> The list isn't all one way, but there is a surprising amount of stuff
> that came from engineers acting alone or in teams of 2.
> 
> Skype, Bitcoin, SSH, SSL, were all done initially by engineers.
> 
> Then look at all the cryptographer-led ventures:  DigiCash, Peppercoin,
> various DRMs.

I seem to recall at least some issues that have arisen with the engineer-led solutions you admire.  There is a whole world of crypto stuff out there, and I certainly can't vouch for which benefited from contacts and information exchanged at conferences; I doubt anyone can.  

> 
> 
>> I can't think of any discipline where the advocacy, relationship-building and cross fertilization that takes place in a conference is needed more than in cryptography, especially in light of the recent disclosures.  
> 
> 
> Yes.  I agree the advocacy, relationship-building and cross
> fertilization is needed.
> 
> But these processes aren't admitted to much of C3.  Many academic
> conferences are captured by their paper-acceptance process, where you
> have to be in the acceptance committees, accept crap papers from your
> buddies, so they accept your crap papers.  It's a career-building
> necessity, if you want academic credibility!  Unfortunately, the more
> you win, the more you lose, as these little peer groups isolate
> themselves in self-perpetuating crap.
> 
> Commercial conferences are captured by the vendors.  That's the main
> defence of the RSA conference: "oh, my, where will I go to sell my
> stuff?"  Committees are captured by the vendors, who send in their
> engineers to make sure they get the least bad deal they can fight for.
> Compliance processes are written by the industry leaders to establish
> and cost-increase their own position. ...

Getting the people who are angry over Dual_EC_DRBG to stay away from the RSA conference hardly hurts RSA. If you don't want to deal with all the process baloney involved and would rather stay home and write code, good for you. But don't demonize others who want to engage by demanding they boycott the conference.

Arnold Reinhold


