[cryptography] the spell is broken

Jeffrey Walton noloader at gmail.com
Thu Oct 3 21:41:03 EDT 2013


On Thu, Oct 3, 2013 at 9:26 PM, Jeffrey Goldberg <jeffrey at goldmark.org> wrote:
>...
>
> I would put it more strongly than that. I think that NIST needs to be punished. Even if Dual_EC_DRBG were their only lapse, any entity that has allowed themselves to be used that way should be forced to exit the business of being involved in making recommendations on cryptography. I don’t have to think that they are bad people or even that they could have prevented what happened. But I think there needs to be an unambiguous signal to every other (potential) standards body about what happens if you even think of allowing for the sabotage of crypto.
>
We could not get rid of Trustwave in the public sector (so much for
economics). There's no way we can get rid of the US agency responsible
for crypto standards (government is not held responsible for the act
or accountable after the act).

Jeff


More information about the cryptography mailing list