[cryptography] [Cryptography] basing conclusions on facts
iang at iang.org
Sun Jun 15 14:16:59 EDT 2014
On 15/06/2014 14:37 pm, Stephen Farrell wrote:
> I've no public opinion on Certicom's patent practices. And the
> behaviour of the signals intelligence agencies has been IMO
> deplorable. So I sympathise with some of what you are saying.
> However, building your case on bogus claims that are not facts
> as you are pearly doing is a really bad idea. In particular...
> On 15/06/14 14:13, ianG wrote:
>> What is also curious is that Dan
>> Brown is highly active in the IETF working groups for crypto,
> That is not correct as far as I can see. In my local archives,
> I see one email from him to the TLS list in 2011 and none in
> 2012. For the security area list (saag), I see a smattering
> of mails in 2011 and 2012 and none in 2013. For the IRTF's
> CFRG, I see a few in 2010, none in 2011 and some in 2012 and
> 2013. I do see increased participation over the last year on
> the the DUAL-EC topic.
> None of the above is anywhere near "highly active" which is
> therefore simply false.
> And I don't believe you yourself are sufficiently active to
> judge whether or not someone else is "highly active" in the
> IETF to be honest. Nor do you seem to have gone through the
> mail list archives to check.
For my part, I had seen his name only with respect to IETF WGs. However
I admit that I do not follow IETF security WGs closely, so am not
qualified to assert "highly active." You are right, I am wrong.
> You are both of course welcome to become highly active if you
> do want to participate, same as anyone else.
>> weight to the claim that the IETF security area is corrupted.
> And that supposed conclusion, based only on an incorrect claim,
> is utter nonsense. I would have expected better logic and closer
> adherence to the facts.
> Yes, the IETF security area needs to do better, and quite a few
> folks are working on that. Yes, its almost certain the someone
> was paid by BULLRUN to muck up IETF work. Nonetheless unfounded
> misstatements such as the above don't help and are wrong. And
> the correct reaction is to do better work and not to fall for
> the same guily-by-association fallacy that the leads the spooks
> to think that pervasive monitoring is a good plan.
I had a long post addressing this issue, but as it takes us further from
the subject at hand, I'll pull my head from out of the rabbit hole.
More information about the cryptography