[Cryptography] Security clearances and FOSS encryption?

ianG iang at iang.org
Fri Jul 11 08:20:51 EDT 2014


On 9/07/2014 17:18 pm, John Kelsey wrote:
> To the extent clearances do what they're supposed to do, they should indicate less risk of compromise to the project--less blackmail or bribery potential, for example.


Well, there are clearances that we do on our people, and the clearances
that our enemy does on his people.  We're talking about the latter, so
following your train of thought, we are dealing with (a) a signal of
something, and (b) people who are already compromised ... by the issuer
of the clearance, aka, the enemy.

Of course, compromise is a relative term, as is conflict of interest.


> An ongoing relationship with someone who wants to compromise the project (which could be NSA, or a US govt contractor, or another country, or a criminal organization, or ...) is a potential problem,


Yep, but one we can defend against, if we take care.  As
we're in the security business, one would think we could also take care
of this issue.  It's just a variant of any other insider attack.


> but no one trying to infiltrate your project will tell you about those.  


Sort of, maybe.  Actually, anyone infiltrating your project will set it
up so they don't need to tell you.

Very different thing.  You simply have to respond by making it mandatory
for them to state such things.  It's a common thing to have a policy
requiring conflicts of interest to be disclosed, indeed it is even law
in some circumstances.


> We have a kind of instinctive security notion of wanting to build a nice big wall with bad guys outside and good guys inside, but that doesn't really work too well.  Instead, we need processes that don't rely overmuch on any one person's integrity or competence.  (That protects against errors as well as malfeasance.) 


Yep.  Precisely.  The agency attack is just a variant.


iang


