Time for IETF witch hunt? (was: NSA Co-Chairs of Crypto Forum Research Group, Legitimacy of WebCrypto API in Doubt)

Griffin Boyce griffin at cryptolab.net
Sat Oct 25 10:32:02 PDT 2014


   It's fairly straightforward to uncover someone's financial and public 
ties to various organizations by looking through public records.  But 
mentioning this possibility among peers is a bit of a conversation 
killer.  No one wants to risk invading the privacy of someone who 
doesn't deserve it (which is virtually everyone with NIST or IETF).

   Incidentally, when I mentioned this to a researcher who grew up in a 
horribly oppressive society, his response was "Why would you not do this 
kind of research?"  So then I was in the awkward position of explaining 
that A) most people care about their careers, B) people don't want to 
invade others' privacy, C) the risk of false-positives is non-zero.

   Do I think that people with suspicious financial ties should be outed? 
  Sure.  But no one wants to do that.  No one wants to be the messenger.

TL;DR: people love handwringing, hate even mild risk.

best,
Griffin

ps: nah, I don't think that the legitimacy of the WebCrypto API is in 
doubt


Nicolas Bourbaki wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Is this a victory? Has anything been learned from the process? We know
> that regime changes are meaningless if the means of governance are not
> also reformed.
> 
> In July of 2013 JFC Morfin registered an appeal [1] to the IAB (IETF
> governing body). He asked the IAB to consider how the concept of a
> protocol should account for social and ethical requirements. The IAB's
> response [2] was terse. It showed that these governing bodies lack the
> means and will to consider how the tools they develop affect people.
> 
> We sit in a time where the architect of good citizenry is being
> increasingly dictated by undemocratic institutions. We are quickly
> trading space beholden to social contracts of the commons for those
> built by neo-liberal corporations. The ethics of "the protocol" is
> dictated by whichever company provides the most coffee and cake for the
> next workgroup meeting. I think the argument of "GeoIP as a threat to
> democracy" [3] provides an example rhetoric illustrating why concern for
> this is so important and why perhaps a witch hunt within the IETF is in
> order.
> 
> 1.
> http://www.iab.org/wp-content/IAB-uploads/2013/07/appeal-morfin-2013-07-08.pdf
> 2.
> https://www.ietf.org/mail-archive/web/ietf-announce/current/msg11697.html
> 3.
> https://cpunks.org/pipermail/cypherpunks/2014-July/005037.html
> 
> On 23/10/2014 20:30, odinn wrote:
>> As a (hopefully final) note to this particular issue, please note
>> the resolution at:
>> 
>> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839#c64
>> 
>> The NSA co-chair is resigning, and it appears the Working Groups
>> are moving ahead without the involvement of that co-chair, for
>> example:
>> 
>> (see comments 61 and 62 at)
>> 
>> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618#c61
>> 
>> Cheers,
>> 
>> 
>> -Odinn
> 

-- 
"I believe that usability is a security concern; systems that do
not pay close attention to the human interaction factors involved
risk failing to provide security by failing to attract users."
~Len Sassaman
