[governance] NSA sabotage of Internet security standards
Norbert Bollow
nb at bollow.ch
Tue Sep 17 05:31:41 EDT 2013
I wholeheartedly agree with Suresh here. The expertise which is
required for this is of a kind that no-one can acquire without spending
significant time on learning not only the math which underlies these
algorithms and at least the basics of the theory of computational
complexity, but also the use of various techniques of cryptoanalysis.
Greetings,
Norbert
Am Tue, 17 Sep 2013 13:23:41 +0530
schrieb Suresh Ramasubramanian <suresh at hserus.net>:
> ok that last paragraph has a tangible action item
>
> build up the necessary expertise. or get people with the necessary
> expertise on board, given that crypto is the sort of thing that
> normal security practitioners will generally have an applied
> knowledge of, rather than the indepth knowledge of cryptography
> required to analyze this issue.
>
> --srs (iPad)
>
> On 17-Sep-2013, at 13:02, Norbert Bollow <nb at bollow.ch> wrote:
>
> > Suresh Ramasubramanian <suresh at hserus.net> wrote:
> >
> >> This is a bit of a contradiction
> >>
> >> 1. You +1 norbert saying that international civil society should
> >> not participate in this process
> >>
> >> and
> >>
> >> 2. You hope that untainted top US cryptographers follow their UK
> >> colleagues. If the UK colleagues are expected not to participate
> >> in this process ..
> >
> > There is of course no contradiction between US cryptographers
> > participating in US national processes and them at the same time
> > following the example of UK colleagues in jointly making a clear
> > political statement.
> >
> > That said, as soon as an internationally credible review process
> > for crypto specs has been established, I would certainly hope that
> > some US cryptographers will be participating there.
> >
> >> As it is, cryptographers from the USA are very active on this - and
> >> not all of them are NSA stooges, strange as it may sound in the
> >> paranoia laden atmosphere here.
> >
> > I don't think that it is paranoid to think that the percentage of US
> > cryptographers with true independence from them US surveillance-
> > industrial complex is probably very small.
> >
> > Even a tenured professor is not independent in this sense if he or
> > she for example desires to undertake a research project for which
> > research funding might conceivably come from such sources.
> >
> > This relates to the very fundamental question about what is “civil
> > society”. My view is that only people and organizations are
> > qualified to be considered “civil society” who are truly
> > independent of all industry and government interests in regard to
> > the topic areas on which they engage.
> >
> > That is not to say that everyone else is “NSA stooges”. Of course
> > that is not the case.
> >
> > But civil society in the above mentioned mentioned strongly
> > independent sense, especially organizations that already have
> > expertise in regard to Internet governance processes etc, need to
> > realize now that having political science expertise, even together
> > with a general understanding of the Internet, is not sufficient for
> > ensuring that democracy has a future on this planet.
> >
> > With the NSA's actions, crypto specs have become a key battleground.
> >
> > For that reason, civil society orgs need to invest in first
> > building up the necessary expertise for being able to competently
> > engage in this topic area, and then in doing whatever it takes to
> > get an internationally credible review process for crypto specs
> > established.
> >
> > Greetings,
> > Norbert
> >
> > --
> > Recommendations for effective and constructive participation in IGC:
> > 1. Respond to the content of assertions and arguments, not to the
> > person 2. Be conservative in what you send, be liberal in what you
> > accept
> >
> > ____________________________________________________________
> > You received this message as a subscriber on the list:
> > governance at lists.igcaucus.org
> > To be removed from the list, visit:
> > http://www.igcaucus.org/unsubscribing
> >
> > For all other list information and functions, see:
> > http://lists.igcaucus.org/info/governance
> > To edit your profile and to find the IGC's charter, see:
> > http://www.igcaucus.org/
> >
> > Translate this email: http://translate.google.com/translate_t
>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
governance at lists.igcaucus.org
To be removed from the list, visit:
http://www.igcaucus.org/unsubscribing
For all other list information and functions, see:
http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
http://www.igcaucus.org/
Translate this email: http://translate.google.com/translate_t
More information about the Governance
mailing list