[bestbits] Do we really want to shoot in Dilma's foot?

Tue Oct 15 13:16:08 EDT 2013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/15/2013 01:50 AM, Pranesh Prakash wrote:
> JFC Morfin [2013-10-14 20:49]:
>> At 21:32 14/10/2013, Pranesh Prakash wrote:
>>> Do you have a link for this?
>>
>> The internet architecture has not been designed (it was a prototype) and
>> reviewed for security (this belongs first to IRTF and IAB).
>
> This is true. But that doesn't answer my question about NSA weakening
> IETF or other similar bodies.  NSA has been shown to have meddled with
> NIST processes (by introducing a PRNG called Dual EC DRBG in the NIST SP
> 800-90A standard), but as far as I know no IETF/IRTF/IESG/IAB, etc. body
> ever considered those.  NIST and NSA are statutorily wedded to each
> other: NIST is *required* under US law to work with the NSA in crypto
> standards formulation.

I am curious as to under what statute are NIST and NSA supposed to work
together other than the general obligation of NIST's standard making
process which is to be open to participation to all agencies of the
Federal Government.

AFAIK, Federal law and associated policy guidance has expressed a
general preference for Federal agencies to rely on voluntary consensus
standards, in lieu of government unique standards, through the National
Technology Transfer and Advancement Act of 1995 and Office of Management
and Budget Circular A-119, which encourage agency staff to participate
in standards-development activities led by the private sector, as
appropriate but what has transpired post this is beyond my current
knowledge.
>
>
>
>

- -- 
Warm Regards
Mishi Choudhary, Esq.
Director-International Practice
Software Freedom Law Center
1995 Broadway Floor 17
New York, NY-10023
(tel) 212-461-1912
(fax) 212-580-0898
www.softwarefreedom.org

Executive Director
SFLC.IN
K-9, Second Floor
Jangpura Extn.
New Delhi-110014
(tel) +91-11-43587126
(fax) +91-11-24323530
www.sflc.in

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBAgAGBQJSXXhWAAoJEEApaiiieuDsX8YQAJ8urq50QxocGI+4pJp4/TyE
gtoaRVrzgM/ve7uVKChdZsw3v45zOREIbJKXsaZ46aRSddfS+OSILaJs7m7ZwrZ3
bFXKnm4oqi1yuCGhnxbffpi+8oE29rjkuWQDPH6Z3qIQ83xUJkKLan36HKJdEHTi
9t9Sixes1KR2oV0KwkCk7D3jq/etabSmPGsdxyDXAOGYc61K3e0JZpKaI0wElM+K
M/ZHmKLtgKQf5GK3qvOaflX+NnxgbZ0UzZcTgyYqtwDbijeMG2znVTZ7QpIPRWdc
GVN7XSqJWeheOJhNbk/nTqBg0Z+QaTrFlm9NqBPAeW7DO99qC/7N9gYzujErS12S
vXbrDUGO2XTlBdFlhWZLES3yJrOMy+pPLFLai4Jk4dgaHwz9QYAy0OmWUk1zi/pn
4t45P2uBFI5hNQi4MuHWKXEVP3L5hj+wbt51xAl4piQ1Nl1656wRammsghy9ZJcp
x+rHdP133S7dqUZLe+nJh926OSUKCT90EUk462VnnavbEt5SOvDwL0RsUSCHQrvo
mfJJYUmsdiR0XflD6r8UyqFXwaF9IaxK71T++Y/3D1mGyUU8pFBx+sAUdlXfIL+Y
2KVjUurzldI23t4dND2SBuP3m0RnVCzfJ11sgO3bz/33VWulzIIoyIAYdP5zqplq
FqZQe7trp1L4D5p+W6yI
=1XTo
-----END PGP SIGNATURE-----