On Sun, Apr 27, 2014 at 7:45 PM, Arshad Noor <[email protected]> wrote:
> On 04/27/2014 10:33 AM, Ben Laurie wrote:
>
>> http://www.links.org/files/SimplySecure.pdf
>
>
> Ben,
>
> As noble as the goals are of this initiative, the solution is
> likely to be accepted only in UK and the USA - only because it
> appears that the people behind this effort are from those two
> countries. Given Snowden's revelations, why should anyone
> outside these two countries trust anything crypto emanating
> from the US & UK?
>

It's reassuring that the political, moral and ethical views of everyone in a country all line up perfectly. This allows me to immediately trust the views of everyone from *my* country, while also being wary of those from all *other* countries. Certainly makes discriminating against others much simpler...

Or is that not what you are saying?

> If we really want to see a universal crypto-protocol that works
> across the internet, the team that designs it must have
> representation from the US/UK's allies and enemies.
> If there
> are weaknesses in the design, then everyone stands to lose (and
> hopefully, the protocol never sees the light of day); if it is
> strong enough, then everyone is protected.

Yes.

>
> I believe Bruce Schneier wrote that the US has proven itself
> to be a poor steward of the internet;

Errr, hang on, you mean Bruce Schneier, that chappie with the pony tail *from the US*? Didn't you just say that stuff from people from the US and UK cannot be trusted?

Please, don't assume that just because the NSA, GCHQ, etc did crappy things that everyone in the US and UK supports this behavior. If things were as black and white as you are implying, the NSA would simply fund folk in other countries, and the result would pass the sniff test.

Output should be judged based upon review of the technology, and the individuals involved, not simply by the flag on the front of the box...

> to that extent if we want
> (reasonably) universal trust in a new crypto-protocol, its
> design must have representation from anyone that has a stake in
> it; anything less will only end up in balkanizing the internet
> from a crypto perspective.

Yes, 100% agree -- but I didn't see anything in the job posting that said "US Citizens Only, please send front page of passport as proof." or similar. In fact, the job posting says: "By a leader we mean our first hire and the person who will build this **global project.**" (emphasis added).

Yes, there is a perception problem here -- but I think that choosing a security solution based upon nationalistic lines is dangerous....

>
> Arshad Noor
> StrongAuth, Inc. Sunnyvale, CA 94086 USA
>
> P.S. Note that the solution to the problem cannot merely be a
> technical one; crypto is a political tool, and in a borderless
> internet, the solution to the problem must account for the
> politics of trust.
>

Sorry, I suspect that I may have just gotten up on a soapbox and gone on a bit of a rant -- I might be overly sensitive to this topic. I was born in South Africa and now live in the USA. For the first while, people meeting me assumed that I supported apartheid simply because of the fact that I was a white South African. The "don't trust technology X because a UK / US / Hungarian touched it" meme feels similar to me...

Full disclosure: I happen to work for Google (but hadn't heard about this till now). Speaking as an individual (who hasn't had his morning coffee and is a little grumpier than usual today...)

>
> _______________________________________________
> cryptography mailing list
> [email protected]
> http://lists.randombit.net/mailman/listinfo/cryptography
