On 2013-10-04 08:54, Eric Murray wrote:
> NSA can act through people outside NIST too.

Committees tend to wind up controlled by evil conspiracies. That is another advantage of having standards set by an unelected president for life instead of a committee.

A committee multiplies the points of access for the conspiracy, while diffusing the responsibility for their misdeeds.

> By focusing on NIST we miss the larger problem.  Any cryptographer or
> security engineer can be compromised (or more likely, make a mistake).
> A good standard uses a public process, is well understood, has been
> examined by outside experts, and has no magic values.

We have all participated in committees, and know their propensity for stupidity, madness, and evil.

If one particular good cryptographer is disproportionately influential, his work will be well understood and examined by outside experts.

The more influential he is, the more examined he will be, and thus the more he will deserve to be influential, even if the initial reasons for his influence are arbitrary and capricious, a result of accident, publicity, and fashion.

As for public process, NIST does not in fact reliably follow its public process

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
