Hacker News new | past | comments | ask | show | jobs | submit login

> No NSA employee should be chair of an encryption-related working group.

This makes me think: What is the basis of trusting any organization or person not to have their own agenda, possibly contrary to the group’s ostensible agenda?

The basis is this: We have a tacit assumption that all participants have realized that better standards (and strong crypto, more secure systems) will lead to the betterment of all. This is the default assumption.

However, now that the U.S. government, and the NSA and its collaborators in particular, have been shown to explicitly not have this goal – in fact, their goal has been to strive for less secure systems and more difficult standards ­– what should be done? The logical thing to do is to exclude any person or organization revealed to have an agenda explicitly contrary to the group.

The same argument could be made (and has been made many times in the past) for Microsoft to be excluded from any and all standardization committees like ISO, IEEE, IETF, etc. for the same reason – their repeated practice of Embrace, Extend & Extinguish among other things shows them to have an agenda contrary to the group, and their participation would therefore be a detriment, not an asset.




I'm as against the NSA's activities as anybody can be, but I don't think this is a fair statement.

> their goal has been to strive for less secure systems and more difficult standards

I don't think, specifically, that they're looking for weaker standards. Weaker standards would allow for competing governments to have just as much access as the NSA does. I think they'd prefer stronger standards, but that they _still have the key to_.

In short, I don't think they want cheaper locks, they want better locks, and master keys.

Edit: Everything else you said is spot-on.


A lock to which someone unauthorized has the master key is a weak lock. A cryptosystem which the NSA has access to is a weak cryptosystem.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: