
Trevor Perrin requests removal of NSA from IETF Crypto Review - tptacek
http://www.ietf.org/mail-archive/web/cfrg/current/msg03554.html
======
tptacek
Two things you did not know before this post but know now:

* The IETF has a dedicated crypto review board, the CFRG, which approves or pokes holes in the cryptography used by other IETF standards.

* The chair of the IETF CFRG is an NSA employee (Kevin Igoe, one of the authors of the SHA1 hash standard).

I just learned these things a couple weeks ago. I am not generally a believer
in the theory that NSA actively subverts Internet standards†. But even I think
that it's crazy for an NSA employee to chair the CFRG.

_In case you're wondering: Trevor Perrin is a widely respected professional
cryptographer. Most cryptographers work for university math departments.
Perrin worked for years as a staffer for Paul Kocher, the godfather of side
channel attacks, at Cryptography Research. He's the designer of the new
forward secrecy ratchet for OTR (Axolotl) and the TACK TLS extension, and a
behind-the-scenes contributor to other IETF crypto standards. Perrin wrote the
pure-Python "tlslite" TLS implementation. If you were to draw a "family tree"
of crypto know-how in the software security profession, a surprisingly huge
chunk of it would be rooted in Perrin (and Nate Lawson and Kocher); for
instance, virtually every modern TLS break came from ideas that Perrin
popularized. 64 current Matasano Crypto Challenges, probably 50 of them I can
trace to Perrin and Lawson._ Trevor Perrin is someone you should pay attention
to.

† _(my best guess is that the standards NSA was actively subverting were about
international telephony; subverting the IETF is a little like subverting the
Linux kernel --- doable, but bad tradecraft)_

~~~
dmix
> subverting the IETF is a little like subverting the Linux kernel --- doable,
> but bad tradecraft

This is a great point. The mailing list and public nature of the standards
process makes it very difficult to subvert, without very high risks of getting
caught and breaking trust in the community. These agencies need to keep hiring
good cryptographers and ideally keep bodies working on standards.

Shows the importance of OSS in security and having people like Trevor Perrin
keeping watch.

But at the same time - if the NSA was going to subvert encryption standards -
I doubt they would subvert the process with someone who is known to work at
the NSA. Intelligence agencies would operate covertly. Most likely by
converting someone trusted in the community into an agent, or grooming their
own agent straight out of high school/university and getting them to a point
of influence in the community (over a long period of time) and _only then_
having them damage crypto standards. < this is standard tradecraft.

~~~
Timmmmbob
Bullshit. Subverting the Linux kernel would _easily_ be within the
capabilities of the NSA.

Kernel contributors aren't background-checked so all you need to do is to pay
someone to do some legitimate kernel hacking in a sensitive area. Then in one
of their commits slip in a backdoor.

"But noooo the many eyes will see the backdoor!" you say.

This is clearly false. If it were true Linux would have no security bugs at
all. Since old security bugs continue to be found, it follows that it is
possible to have a security bug that goes unnoticed for many years. See also
the underhanded C contest.

Hell maybe it has already happened. Who is to say the latest Linux security
bug wasn't deliberately introduced by the NSA?

I don't think this is paranoia - it would be fairly easy for the NSA to do,
very useful and almost completely deniable. I would do it if I were them. They
certainly wouldn't _not_ do it for moral reasons because they've shown they
don't really have any.

~~~
zxcdw
So there's nothing which keeps you from assuming Linux kernel wouldn't be
backdoored by NSA, right?

~~~
rjzzleep
correct.

------
declan
Perhaps it's time for a new IETF default: No NSA employee should be chair of
an encryption-related working group.

If the NSA wishes to change that rule in the future, it can publicly ask
Congress to enact a law making it a federal felony for a government employee
or contractor to try to subvert, compromise, or weaken public encryption
standards. (That would still allow the NSA to subvert, compromise, or weaken
proprietary Chinese or Russian military encryption standards, if it is capable
of doing so.)

Until the NSA requests such a federal law -- and it's duly enacted -- it seems
folly to encourage the participation of its employees in the IETF process, let
alone granting them a position as chair of an encryption working group. Put
another way, the NSA's signals intelligence mission has eclipsed its
information assurance mission.

Even President Obama's NSA review group that came out with a report this week
recommended that the agency "should not" weaken commercial encryption
software. Why not a "must not?" p36:
[http://www.whitehouse.gov/sites/default/files/docs/2013-12-1...](http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf)

~~~
teddyh
> No NSA employee should be chair of an encryption-related working group.

This makes me think: What is the basis of trusting _any_ organization or
person not to have their own agenda, possibly contrary to the group’s
ostensible agenda?

The basis is this: We have a tacit assumption that all participants have
realized that better standards (and strong crypto, more secure systems) will
lead to the betterment of all. This is the default assumption.

However, now that the U.S. government, and the NSA and its collaborators in
particular, have been _shown_ to explicitly _not_ have this goal – in fact,
their goal has been to strive for _less_ secure systems and _more difficult_
standards – what should be done? The logical thing to do is to exclude any
person or organization revealed to have an agenda explicitly contrary to the
group.

The same argument could be made (and has been made many times in the past) for
Microsoft to be excluded from any and all standardization committees like ISO,
IEEE, IETF, etc. for the same reason – their repeated practice of Embrace,
Extend & Extinguish among other things shows them to have an agenda contrary
to the group, and their participation would therefore be a detriment, not an
asset.

~~~
bmelton
I'm as against the NSA's activities as anybody can be, but I don't think this
is a fair statement.

> their goal has been to strive for less secure systems and more difficult
> standards

I don't think, specifically, that they're looking for weaker standards. Weaker
standards would allow for competing governments to have just as much access as
the NSA does. I think they'd prefer stronger standards, but that they _still
have the key to_.

In short, I don't think they want cheaper locks, they want better locks, and
master keys.

Edit: Everything else you said is spot-on.

~~~
teddyh
A lock to which someone unauthorized has the master key is a weak lock. A
cryptosystem which the NSA has access to is a weak cryptosystem.

------
slashdotaccount
By the way, this submission is getting up so slowly (despite the upvotes)
because its title contains "NSA" (which automatically penalizes the submission
as revealed earlier).

~~~
endianswap
Can you link to this revelation, please? Thanks!

~~~
sp332
[http://www.righto.com/2013/11/how-hacker-news-ranking-really...](http://www.righto.com/2013/11/how-hacker-news-ranking-really-works.html)

_It appears that any article with NSA in the title gets an automatic penalty
of .4. I looked for other words causing automatic penalties, such as awesome,
bitcoin, and bubble but they do not seem to get penalized._

_I observed that many websites appear to automatically get a penalty of .25 to
.8: arstechnica.com, businessinsider.com, easypost.com, github.com, imgur.com,
medium.com, quora.com, qz.com, reddit.com, rt.com, stackexchange.com,
theguardian.com, theregister.com, theverge.com, torrentfreak.com, youtube.com.
I'm sure the actual list is longer._

------
RyanZAG
The next message in the thread is interesting too:
[http://www.ietf.org/mail-archive/web/cfrg/current/msg03555.h...](http://www.ietf.org/mail-archive/web/cfrg/current/msg03555.html)

A request to replace him with Bruce Schneier.

~~~
tptacek
Bruce Schneier is not a great pick for this role. The CFRG is an extremely
technical working group; the CFRG chair needs to be intimately familiar with a
broad selection of modern cryptography. By way of example, Schneier is
avowedly unfamiliar with elliptic curve. Schneier is a great popularizer of
cryptography, but there are much better choices for the person whose job it
will be to spot errors in other standards.

~~~
yid
DJB! If you could get him out of his cave at UIC.

~~~
tptacek
The irony of Daniel Bernstein chairing the IETF crypto review board is so
potent that I got a small nosebleed just thinking about it. But, nomination
emphatically seconded.

For what it's worth, Bernstein spends most of his time in Europe these days.

~~~
bdhe
Now this might be just gossip-mongering, but care to enlighten us on why djb
on the IETF crypto review board would be potent irony?

~~~
tptacek
You'd need to have followed Bernstein's other adventures with IETF standards
groups, particularly the DNS standards debacle.

~~~
maaku
I think that's rather the point. Bernstein has had the constitution to call
out the nonsense of the NSA-influenced IETF working groups before it was
fashionable to do so. I don't think it'd be ironic to consider him as a
replacement for an NSA employee on the way out due to that concern.

~~~
Beltiras
More just deserts than irony?

------
netman21
I have shared similar concerns about the NSA's involvement with the Trusted
Computing Group and called for TCG to repudiate the NSA.

~~~
salient
What the hell? And people are still skeptical about trusted computing having
backdoors?

~~~
conformal
TPM uses 2048-bit rsa keypairs that are hardwired into the hardware. gee, i
wonder if someone can get into them...

derp

------
yeukhon
I want to raise an issue that people often ignore. We put the government's
fault onto an employee's fault.

But I will state my position clearly: I do think the resignation is a good
thing. I don't agree with the word "removal".

The biggest problem to me is not about NSA involvement, it is how WE treat
people who work at NSA and other government intelligence agencies. If the fear
of a single man is what makes the issue hot, I beg to differ. You can disagree
with him and not pass the standard. If the whole committee thinks there is
something fishy, I see no reason why the proposal would get through the
internal draft. It is that distrust.

My school and many schools out there would send out internship notices; if you
are a public school, one of those would be a government internship, and among
them are NSA and FBI.

How do we treat these kids in the future? How should we treat our future or
current co-workers who had worked as contractor or done internship at NSA, FBI
and CIA?

Do we trust them?

The fact that "NSA [employees] (_edit_, response to
[http://www.ietf.org/mail-archive/web/cfrg/current/msg03556.h...](http://www.ietf.org/mail-archive/web/cfrg/current/msg03556.html))
should not be in any position in the
crypto committee" is too far. He should resign in fact, to avoid interest
conflict; people don't trust NSA right now. But how are we treating these
employees? Have we asked him privately? Should this email be in the public in
the first place? Have they ever had a private conversation about this? I think
it is more of an attack and a warning to all NSA-title employees that
they should never reveal their affiliations, even on a resume.

Since everyone does things differently, some will never join NSA and some will
for either money or technical development or patriotism, how do we as people
treat these employees?

I am upset when people look down at them and think they are rats. This is
a stronger ethical issue that few notice. The whole "removal" sounds like "one
ought not be an NSA employee." Being someone new to security who admires open
standards and fears backdoors, I think it would have been nicer and more
professional if that had been raised with Kevin Igoe privately first.

From the way the mail is phrased: it never happened.

~~~
semiel
I'm happy to state it directly:

One ought not be an NSA employee.

~~~
yeukhon
That's rather radical and unprofessional to say.

One can say such a thing to Google, Facebook, Adobe or any company out there if
they dislike that company. Any NSA contractor who depends on a government
contract to feed their families - is it wrong? If I can't find a job in
private industry but NSA hired me for 3 months, is it wrong that I did it for
the money for my family? How would you know that was my story? You won't and
you will just penalize me for being a contractor once.

And people have different degrees of tolerance and standards for patriotism. I
don't endorse what they do, but that's exactly the false attitude we have toward
NSA affiliations. We put the government's fault onto the workers and it is wrong.

~~~
bandushrew
"That's rather radical and unprofessional to say."

In what sense is it unprofessional?

"Any NSA contractor who depends on a government contract to feed their families
- is it wrong?"

in a moral sense? who knows. but from a practical sense it genuinely does mean
I cannot trust you. hey, I understand what you are saying - and I sympathise,
but at the end of the day there are clear, solid reasons why I cannot trust an
ex NSA employee.

"And people have different degrees of tolerance and standards for patriotism. I
don't endorse what they do, but that's exactly the false attitude we have toward
NSA affiliations."

working for the NSA is not patriotic. it is the opposite of patriotic. it is
associating with sneaky people who deceive and lie.

~~~
yeukhon
Unprofessional because we put the government's fault onto an employee's fault.
Let's take a secretary. There is no technical skill she did. She was just a
secretary under some general at NSA. Sure she could be a spy.

So now every NSA employee is marked as "untrustworthy".

If I may be allowed to be radical in my own response, isn't this what the Red
Scare is all about? You are a friend to X who is a known communist and now I
cannot trust you. You were a secretary for this communist spy, I cannot trust
you even though you didn't know. You just dealt with his daily accounting.

There are simply people who work for NSA for reasons like employment.

> working for the NSA is not patriotic.

Yes, I will agree that jeopardizing democracy and liberty is not patriotic.
But I am saying from the guy who started out at age 20 and thought it was
everything he could do for the country, and now he realized he was wrong. Now
do you trust him?

The ultimate issue is again, we are equating NSA is untrustworthy == employees
are untrustworthy people.

~~~
cheald
"The NSA" is a collection of people acting in a certain manner. It cannot be
untrustworthy unless its members - its employees - are behaving in an
untrustworthy manner. Associating with an entity that is known to be engaged
in hostile behavior towards you _should_ carry a reputational stain, even if
it wasn't you that "pulled the trigger".

That secretary is facilitating the erosion of our personal privacy and liberty
by logistically supporting the people who are doing the actual dirty work, and
now, she knows it. At this point, her choice is "Continue supporting people
doing bad things and carry the stain that comes with it" or "Stop associating
with people who are doing bad things".

Persons who engage or support the kind of behavior that the NSA is engaged in
_are_ untrustworthy and should be treated as such. You don't have to be the
actual guy tapping data lines to be complicit. Shoving it off of "the
employees" and onto "the NSA" is a copout.

~~~
yeukhon
> Persons who engage or support the kind of behavior that the NSA is engaged
> in are untrustworthy and should be treated as such. You don't have to be the
> actual guy tapping data lines to be complicit. Shoving it off of "the
> employees" and onto "the NSA" is a copout.

No, that is not. You are making the same mistake that "because I work for
someone evil it means I must be evil too." You are assuming every single
person who has worked or is currently working for NSA must be evil. Just because
someone accepts that having a job is more important than public good at some
point does not make them less untrustworthy. You can have someone who donates to
good causes all the time, does a lot of community work and yet when he quits
his job because he is sick of NSA or because he just wants a better job and now
he can't because he was with NSA.

This assumption is wrong; you are equating government to its workers. If so,
should anti-war people look at our American soldiers as evil too? Because people
are following orders?

If I work for a Mafia boss, you know, take care of his house so that he can be
comfortable and safe at home, am I supporting the cause? If a German
citizen was supplying raw materials to the Nazis, is that citizen a Nazi and evil
when he was just making a living for his family while he absolutely hates
Hitler and the Nazis?

~~~
sedev
But it's also wrong to say that an institution and its members are completely
separate. They aren't and can't be. There is no institution without members,
and there are no members without an institution to be a member of. You've got
to deal with them as entangled, and treat them as such. There are _varying
degrees_ of responsibility for acts that we attribute to an institution,
because generally we're talking about institutions with internal hierarchies.
So for example General Keith Alexander is much more culpable than a random
sysadmin. But because of the responsibility-diffusing nature of institutions,
no, you can't completely let members off the hook without also letting the
institution off the hook.

By the way, about your Mafia/Nazi examples: a zealous prosecutor could easily
charge the housekeeper, and the police and FBI would certainly lean on them a
bit whilst investigating the boss. That's totally commonplace. Meantime, in
the case of the literal Nazis, yes, there were in fact consequences for such
people (leaving aside that you've constructed that scenario very poorly).

~~~
yeukhon
I never argue they are not morally responsible for what they do. But I am arguing
that we need to look at the issue of discrimination for being current or ex-NSA.
How would that affect employment? Will a major employer like Google or an
open-source giant like Mozilla reject people for the sake of being NSA?

That's my issue I want to discuss. If we are striving for a better society,
discrimination should be minimized. If we keep discriminating against them,
penalizing them, the only job they will ever have is an NSA job.

I think now this point is clear why it is important to look at the effect and
the moral issue of how we treat them.

And to many, it is NSA is evil, every NSA employee is evil. And that's a big
issue.

~~~
cheald
> _If we are striving for a better society, discrimination should be
> minimized._

Bullshit. Discrimination is the foundation of a sane society. Unjust
discrimination with no bearing on one's ability to do a job (such as on the
basis of one's genital configurations or preference of who you like to smooch)
should be minimized, but you absolutely must be _discriminating_ about who you
choose to work with. After all, if we really wanted to minimize
discrimination, we'd just hire people for any job without any consideration
towards their capabilities, experience, or work history.

Being cautious about hiring potential employees because their work history
demonstrates that they may be a threat to the security and reputation of your
company is a damned good reason to discriminate.

------
pvnick
It's been interesting watching the reactions to these revelations from the
more skeptical folks. Tptacek, have there been any stories (besides this one I
suppose) that have really surprised you and struck you as unreasonable
overreach?

~~~
tptacek
Uh, I think pretty much all of it is overreach. The FISA 215 metadata stuff
was particularly bad.

The only stuff that doesn't upset me is genuine foreign intelligence. The NSA
can listen in on the Israelis as much as they want, as far as I'm concerned;
the Israelis sure as shit listen to us.

------
infinity0
the thread is just warming up... I'm half-expecting Kevin Igoe to "reveal his
true form" and turn into that giant NSA octopus clutching a shit load of
ethernet cables that they thought it was a good idea to paint somewhere.

------
wreegab
> "Not seeing a major conflict of interest is worrying in itself"

The rationalization from some posters in the thread of why he shouldn't be
removed is scary.

~~~
Maneatingcow
You've got the meaning of this statement entirely backwards.

