[liberationtech] [Cryptography] Opening Discussion: Speculation on "BULLRUN"
Eugen Leitl
eugen at leitl.org
Sat Sep 7 11:46:18 PDT 2013
On Sat, Sep 07, 2013 at 12:26:22PM -0400, Jonathan Wilkes wrote:
> Hi Eugen,
> When Bruce Schneier made the call for people to come forward
> and describe being asked to degrade standards or build backdoors
> I don't think this is what he meant.
Bruce is a cool guy, but nobody died and made him king.
> Mr. Gilmore seems perfectly happy to give us enough details to
> be able to find the identity of a "suspicious" Kernel dev, but he
> refrains from identifying the NSA employees and their friends.
We have evidence that NSA is using social engineering to weaken
protocols and implementations. Incidentally, when it comes to IPsec
this pattern has been independently corroborated by other parties I
happen to trust. This is no proof, but we need to become very
careful about preventing such security meltdowns in future.
Because this *will* happen, again.
> If he can write without reservation that he knows someone had
> longstanding ties to the NSA, he obviously knows who this person
> is. Deanonymizing the person from the free software world while
Come on, that the mainline inclusion is a major political
snakepit is pretty well known. I don't know whether spooks
are pulling strings behind the scene to fan the flames, but
if they don't they're really lousy at their job.
> granting anonymity to someone with ties to the NSA isn't fair, isn't
> helpful, and most of all it isn't intellectually responsible.
I can tell you that I would be very interested in who committed
all the crypto regressions into Debian. I really hope that
someone is going to review the checkin history and write
a report about it.
> I cannot fault people for failing to be perfect heroes, but I can fault
> them when what may be reasonable fears result in writing that
> speculates where we need it least and lacks evidence where we
> need it most.
This is a war, and there will be innocent people hurt. This is
regrettable, but we didn't start it.
What we need to let go is personal sensitivities. If you check
in crap code that breaks things, whether you're an NSA mole or
just incompetent, it doesn't matter. You need to have your checkin
license revoked.
Same thing applies to package signing secrets of Debian.
Unfortunately, we can no longer afford to be negligent there.