[Cryptography] NSA security guidelines for videoconferencing

Barney Wolff barney at databus.com
Tue May 5 00:21:54 EDT 2020

On Mon, May 04, 2020 at 10:11:27PM -0400, Phillip Hallam-Baker wrote:
> On Mon, May 4, 2020 at 2:24 AM Whitfield Diffie <whitfield.diffie at gmail.com>
> wrote:
> > BW> Unless the algorithm is rot0 or the user is a savant, some
> > software is being trusted. And I doubt
> > BW> that even a savant could handle video encryption at frame rate.
> >
> >     This is a different sort of objection and surprises me.  It is a
> > factual question; does somebody have the facts?
> >
> >                           Whit
> >
> Since I regularly stream HD video over an IPSEC VPN using AES, my hardware
> can clearly keep up.

Just to clear up any confusion, I meant "savant" as in "Rain Man" which seems not to have been obvious. My point was that if your threat model is a nefarious or fallible conferencing service, isn't that same service supplying the software you're running on the endpoint devices? 

Requiring that each end user obtain, compile and run an open source client might work in some environments, but probably does not scale, and the old question remains of why you trust the compiler.* Perhaps it would be useful to have the clients and the server written and controlled by strictly separated entities. You're still trusting the client software, of course.

* (Off topic, somewhat) I've always wondered whether "Reflections on Trusting Trust" was inspired by "The Moon is a Harsh Mistress."

More information about the cryptography mailing list