[cryptography] basing conclusions on facts (was: Re: Dual EC backdoor was patented by Certicom?)

Stephen Farrell stephen.farrell at cs.tcd.ie
Sun Jun 15 09:37:53 EDT 2014

I've no public opinion on Certicom's patent practices. And the
behaviour of the signals intelligence agencies has been IMO
deplorable. So I sympathise with some of what you are saying.
However, building your case on bogus claims that are not facts
as you are pearly doing is a really bad idea. In particular...

On 15/06/14 14:13, ianG wrote:
> What is also curious is that Dan
> Brown is highly active in the IETF working groups for crypto, 

That is not correct as far as I can see. In my local archives,
I see one email from him to the TLS list in 2011 and none in
2012. For the security area list (saag), I see a smattering
of mails in 2011 and 2012 and none in 2013. For the IRTF's
CFRG, I see a few in 2010, none in 2011 and some in 2012 and
2013. I do see increased participation over the last year on
the the DUAL-EC topic.

None of the above is anywhere near "highly active" which is
therefore simply false.

And I don't believe you yourself are sufficiently active to
judge whether or not someone else is "highly active" in the
IETF to be honest. Nor do you seem to have gone through the
mail list archives to check.

You are both of course welcome to become highly active if you
do want to participate, same as anyone else.

> adding
> weight to the claim that the IETF security area is corrupted.

And that supposed conclusion, based only on an incorrect claim,
is utter nonsense. I would have expected better logic and closer
adherence to the facts.

Yes, the IETF security area needs to do better, and quite a few
folks are working on that. Yes, its almost certain the someone
was paid by BULLRUN to muck up IETF work. Nonetheless unfounded
misstatements such as the above don't help and are wrong. And
the correct reaction is to do better work and not to fall for
the same guily-by-association fallacy that the leads the spooks
to think that pervasive monitoring is a good plan.


More information about the cryptography mailing list