A request has just been made to the IETF to remove an NSA employee as co-chair of one of the groups:
Dear IRTF Chair, IAB, and CFRG:

I'd like to request the removal of Kevin Igoe from CFRG co-chair.

The Crypto Forum Research Group is chartered to provide crypto advice to IETF Working Groups. As CFRG co-chair for the last 2 years, Kevin has shaped CFRG discussion and provided CFRG opinion to WGs.

Kevin's handling of the "Dragonfly" protocol raises doubts that he is performing these duties competently. Additionally, Kevin's employment with the National Security Agency raises conflict-of-interest concerns.

...

While much is unknown about these activities, the NSA is known to have placed a "back door" in a NIST standard for random number generation [ECDRBG]. A recent report from the President's Review Group recommends that the NSA:

- "fully support and not undermine efforts to create encryption standards"
- "not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software" [PRESIDENTS]

This suggests the NSA is currently behaving contrary to the recommendations.

The whole email is worth reading. It presents multiple examples of NSA attempting to weaken the standard. And the conclusion (while polite) is nuclear:

While that's of course speculation, it remains baffling that an experienced cryptographer would champion such a shoddy protocol. The CFRG chairs have been silent for months, and haven't responded to attempts to clarify this.

Conclusion
----

The position of CFRG chair (or co-chair) is a role of crucial importance to the IETF community. The IETF is in desperate need of trustworthy crypto guidance from parties who are above suspicion. I encourage the IAB and IRTF to replace Kevin Igoe with someone who can provide this.

The Internet community is starting to interpret the NSA as the adversary, and is starting to route around it.
4 comments:
The NSA brought this on themselves, and can't expect any better.
I read the four reasons for requesting the man's removal, and ... damn. That's painful stuff.
I can't argue with Rev. Paul's comment, though. They did this to themselves, and losing a seat at the table (almost literally) is probably one of the smaller prices they'll have to pay.
Those are amazing... To have to say that about someone in that field is destroying a reputation...
Archer, this is brutal. And yes, NSA has nobody to blame for this but themselves. This is a game they've likely been playing for ten years, and nobody will ever trust them again.
Good.