[Cryptography] From Nicaragua to Snowden - why no national standards should be considered in cryptosec

Henry Baker hbaker1 at pipeline.com
Sat Feb 27 14:27:00 EST 2016


At 02:36 PM 2/26/2016, Ian G wrote:
>Long article on why IETF and similar bodies should *not* pander to national bodies in adopting encryption algorithms.
>
>http://www.bu.edu/jostl/files/2016/01/21.1_Tobias_Final_web.pdf
>
>III.  CHINESE WIRELESS TRANSMISSION STANDARDS AND THEIR COUNTERPARTS The standards with which this Note is concerned show the truth behind Smoot's claim that the information technology industry "uses every kind of standardization process imaginable."93  The three relevant Chinese standards are WLAN Authentication and Privacy Infrastructure ("WAPI"), Ultra HighThroughput WLAN & its counterpart Enhanced Ultra High-Throughput WLAN ("UHT/EUHT"), and ZUC ­ taken together, the Encryption Standards.  The table below lays out basic information about the standards, their applications, and their foreign competition.
>
>...
>VII.  CONCLUSION  A WTO Panel, in a dispute over the Encryption Standards invoking Article XXI's national security exception, is very likely to produce a dual ruling akin to the GATT Panel Report in US ­ Nicaragua: that China has breached its obligations, yet that breach is justified under Article XXI's national security exception.  Any ruling to the contrary would require the Panel to ignore the terms of reference set in US — Nicaragua and rule on the validity or motivation of China's invocation of Article XXI.  As national security goes to the core of a sovereign's responsibility, the consequences of a new formal interpretation of Article XXI would be severe ­ and beyond the scope of this Note.

I'm sure that the upcoming WPP (scheduled to be passed in December'16 by the lame duck Senate persons looking for their next gigs) will fix all of this: China can have their 128-bit backdoored encryption, Hollywood can have their 8,000-bit DRM encryption, NSA can continue to surveil the world, and all the "little people" can go pound sand.



More information about the cryptography mailing list