[Cryptography] The role of the IETF in security of the Internet: for or against the NSA? for or against the security of users of the net?

Sun Jul 20 05:18:06 EDT 2014

On 19/07/2014 17:11 pm, Phillip Hallam-Baker wrote:
> On Fri, Jul 18, 2014 at 3:47 PM, Paul Wouters <paul at cypherpunks.ca> wrote:
>> On Tue, 25 Mar 2014, tpb-crypto at laposte.net wrote:
>>
>>> Security will not be improved with "trusted proxies" that is for sure. But
>>> it seems such ideas are making their way into the protocol while being
>>> pushed by the monarch.
>>
>>
>> They are not. Anyone can submit a draft to IETF. That does not mean
>> anything. Rest assured, I've talked to enough people to know that
>> no "trusted proxy" protocol change will happen.
>>
>> If you fear one is being sneaked in somehow, contact me one or the
>> Security Area Directors at IETF.
> 
> The thing about categorical statements like this is that they are
> almost certainly wrong.

Categorically, there is no single way in which a process like the IETF
could be perverted ;) Concentrating on one particular weakness such as
trusted proxies will allow people to argue it hasn't happened (here)
therefore the IETF is not corrupted (at all).  That's as pointless as
saying the onus is on the accuser to provide the evidence.

Instead, we need to concentrate on the process, and develop
understanding of methods and cases [0].  Which is what Paul tried to do.
 Anyone can submit a draft, anyone can talk to ADs.

That defence is easy to subvert, I claim.  Anyone can do it, but that
anyone must have money.  Not money to pay bribes but money to pay for
people time.  An organisation with a big budget can pay for people to go
to the IETF events, submit a draft, edit, improve, sit on the mail
groups to push the agenda, spend a term as AD, etc.

Hence, we can suggest that IETF WGs are vulnerable to takeover by rich
organisations.  Who would find that a ridiculous claim?  Who's voice is
dominant in the IETF security WGs?  The large American corporations that
pushed PKI always?  Or the many American banking customers who got
phished because it didn't work?  Clearly, the former.  The latter can't
afford it.

E.g., a recent case in point was a discussion on algorithmic agility
which I engaged in at saag and tcpinc.  It was *expensive* ... the
discussion bounced back and forth between groups, with procedure and
claims of 'consensus' being used as weapons by incumbents.  I spent a
lot of hours!  Which I cannot afford!  In the end, the emerging fresh
anti-consensus was more or less slapped down, but it also seems that the
push to encode algorithm agility into RFC got stalled.

The winner will be the one who spends more resources.  The winner won't
be the merits and benefits of either approach.  IETF Security Working
Groups are no different to the blockchain, the security WGs are
vulnerable to a 51% takeover by the NSA mining cartel, only the GRU
mining cartel and the PLA can save us.

...
>  In fact I am pretty sure that sort
> of behavior is how the paid NSA trolls have discouraged consideration
> of ideas that would cause real difficulty for their schemes because
> they could be widely deployed in favors of crypto-perfectionist
> schemes that will only ever be used by crypto-geeks and then only
> occasionally.

I have no idea whether they've done that.  But it's a no-brainer to me
that they would try it.  They've got the budget, they've got the
incentive, they've got the expertise.  What haven't they got?

If I was in the NSA, I'd be thumping the desk.  "Get our people in there
and get our agenda set.  Dammit, 350 algorithms isn't enough!"

IETF process is set up for more benign players.  It assumes commercial
organisations who are roughly honest, won't push so far into deception,
criminality, etc.  Submarine patents would be as far as they go, because
it's in the law, it's their right.  We all want to make money, and money
will eventually flow to the better solution, right?  We can all agree on
a consensus on money, right?

Spooks are a whole other ball game.

> So when people slap ideas down without giving an argument please
> either ignore them or seriously consider the possibility you are being
> trolled.

;)

iang

[0] Which is why the DUAL_EC case is so important, and hats off to NIST
for conducting a fullsome and documented enquiry.  We need those
developed cases.