Ask HN: Questions about subversive programmers, NSA inside Mozilla?
http://www.reddit.com/r/netsec/comments/3dgwee/how_the_new_york_times_uses_webrtc_to_gather/
https://webrtchacks.com/dear-ny-times/
In that thread, I noticed something very interesting, that apparently one of the same guys involved in the NSA backed Pentagon paper touting Extended Random on top of Dual Elliptic Curve, Eric Rescorla, is now working at Mozilla, and has some say in keeping the WebRTC setup in Mozilla working like it is.
https://bugzilla.mozilla.org/show_bug.cgi?id=959893
http://www.reuters.com/article/2014/03/31/uk-usa-security-nsa-rsa-idUKBREA2U0U620140331
So far any attempts to get a comment out of Mozilla about hiring someone who was known to participate in weakening crypto has been met with silence as far as I can tell.
The question that this brings up in my mind is what should companies and communities built around those companies do with programmers who have been involved in such subversions? It's entirely possible Eric Rescorla was unaware of the purposeful weakening proposed in the 2008 paper, and that it was the NSA contributor who performed this function, but the fact that Mozilla declines to comment on the matter and that this is a person who has quite a bit of say over a very commonly used browser raises concern.
As leaks like Snowdens become more and more prevalent, how should programmers who have been known to be potentially hostile to user privacy or other user concerns be treated, both by the community and by the companies that employ them?
59 comments
[ 3.4 ms ] story [ 116 ms ] threadIf this dude is in charge of anything non-crypto related then fine, whatever. But if he is responsible for TLS/SSL or similar, then I have "concerns" given their personal history with the NSA and pushing crypto backdoors.
He may have been wrong on Dual EC, but he was far from alone in this case... What was your position at the time again?
The NSA leadership would be utterly incompetent if they have not planted people in the FOSS world.
(I gave a talk about that, google "Operation Orchestra")
edit: s/and/an/
And I have no reasons whatsoever to think ekr could be an NSA mole...
I'm familiar with your writing and believe you could produce any number of valid, incisive critiques of the IETF TLS standards process (I'm no fan of it myself).
That being the case, you might want to be wary that you're unintentionally lending your name to a whispering campaign. The question of whether TLS is inept is orthogonal to the question of EKR's motives. Nobody involved in the IETF TLS effort during OpaquePRF did an especially great job of honing TLS into a coherent and secure transport protocol, but many of them worked very hard and in good faith to try.
Please be respectful. This is not respectful. And it does not help make a rational argument.
They should have all done what snowden did.
They should have all done what snowden did.
A leak isn't a threat, but a false-flag operation is very much in the cards.
I am not saying do not treat them with suspicion and scrutiny.
On the other hand, the tech community has already legitimized social shaming as a method for getting people out of jobs cf. Brendan Eich, and if this is what we're using to make these sorts of decisions, then I can totally get behind the idea of working at the NSA equating to something shameful.
But what's shameful next month?
So. Like most nerds, all I'd really like to see is some consistency.
We shouldn't treat dumb shit like that as any kind of binding precedent. Just because the "tech community" has gone on silly witch hunts before doesn't justify any and all future witch hunts.
Eric is right, it's by design. read the fucking rfc.
It's hard to say. In these cases, the wisest option is "innocent until proved guilty". False positives are worse than false negatives.
Mozilla separates our codebase for Firefox and other projects into discrete units of code or activity, called Modules. An overview: https://wiki.mozilla.org/Modules
Module Owners have final say over the area their module covers, unless they are sub-module, in which case a disagreement can be escalated to the parent module. Module Peers are appointed by Module Owners to help them out based on a history of good contribution. In practice, this roughly means that peers and owners handle code review and merging of code for the code covered by that module.
So, let's look at the list of Modules: https://wiki.mozilla.org/Modules/All
Eric's peer of a few WebRTC-related modules and owner of the Media Transport module, which AFAICT is a submodule of WebRTC, owned by someone else. This is to be expected for someone who has done lots of good work around WebRTC and media.
Reading that bug, as far as I can see he's making public comments on a public bug about his opinions of how something in some open source code should work. He's been recognized by his peers as a skilled (paid) contributor in the area and thus his opinion is valued. He's making arguments, not shutting down people. He's even discussing the issue and asking for a decision from the WebRTC module owner, who has more say over this than he does.
Looks fine to me.
Some have claimed that Eric Rescorla's privacy is being violated. I don't believe that's so, because his role in these matters has made him a public figure.
However, there is a big difference between a "my way or the highway", holier than thou, ass hat developer and someone who is intentionally breaking stuff. Anybody who has tried to use the GNOME desktop using multiple languages that require an IME will know that this kind of stuff happens all the time. No amount of discussion can dissuade some developers from unthinkingly rejecting ideas that aren't their own. Arguments like "I can't use my computer anymore" often don't trump "It will make the design messy". What chance does "We need to warn users about leakage of private information in ways they have no hope of understanding" have?
I'd be pretty uncomfortable tracking people's past associations and deciding what things they are or are not allowed to work on. It reminds me of a McCarthy style blacklist and no matter what the risk, I think that's unacceptible.
I think we need to ask ourselves: why does software freedom exist? My personal answer is so that I don't have to worry about whether someone is intentionally breaking stuff or whether they are breaking stuff because they are stubborn (or stupid -- though the person in question does not strike me as being stupid). We can never force people to act the way we wish them to act, but at least we can provide another option.
Unless evidence of that comes to light, I don't see why his integrity should be questioned.
This is not evidence, but this is a reason for casting suspicion.
His "involvement" with extended-random, so far as we know, is that someone in the Federal Government told him "here is a sketch of something we need to deploy TLS within the US Federal Government" (so far as I've been able to find, nobody has ever recommended that general-purpose implementations should adopt extended-random).
Moreover, if you look at the mailing list at the time, you'll see tens of other TLS standards people looking at extended-random and OpaquePRF, shrugging, and saying "this looks whatever ok fine". Are they all damaged goods? I'm sure there's more than one person who voted this story up who thinks so. That's an especially easy position to take if you're an anonymous rando who hasn't donated a single hour to the IETF.
It is only in the wake of BULLRUN --- which generated enough circumstantial evidence to turn the far-fetched story about Dual_EC into something plausible --- that any crypto person looks at big random blobs with skepticism. Until about 4 years ago, for most professionals, "more random" meant "more secure".
I think this is a recklessly, negligently written abuse of "Ask HN". I flagged it, and I'd ask that others join me. Thank you.
Agreed. It's a thinly veiled, unsubstantiated, accusation shamelessly masked as a question. Easiest flag ever.
Here is a NIST email from 2004 acknowledging that the NSA classified how the Q and P parameters were generated: http://1.bp.blogspot.com/-ax86n-7Rb9U/VLa_Z_iC0WI/AAAAAAAABP...
With this, it's completely absurd to imagine that NSA cryptographers did not discover this possible backdoor, when they were explicitly aware of the relationship of knowing Q and P and knowing the state of the RNG.
Even assuming that the NSA cryptographers were incompetent and did not discover it before the public researchers and classified it for no reason, their continued endorsement for Dual_EC and their $10 million payments to RSA for making Dual_EC the default RNG paints a clear picture that -- yes, it's backdoored, and the NSA intentionally endorsed bad crypto to American companies.
It should also be noted that the NSA's public comments does not deny that the put in a backdoor. "The non-denial denial". And this is not counting the beyond-any-doubt evidence from Snowden that, Dual_EC was concretely part of BULLRUN.
And what this says is that you don't even know what BULLRUN is, but are happy to chime in on a thread about how EKR was an NSA plant. I feel bad singling you out, because I'm pretty sure the person who wrote this idiotic post doesn't know the backstory either.
I would encourage anyone with time/interest in these issues to get to know these people personally if possible and to think critically about their pre-Snowden attitudes toward engineering choices related to privacy/security as reflected in their code contributions or policy decisions, rather than simply wielding pitchforks..
The only hint of an insinuation that he's ever acted against the common interest comes from the fact that his name is also on the Extended Random draft. That's because the supposedly good half of the NSA (the Information Assurance Directorate) asked for that change and needed someone to guide the process through the IETF. Since ekr was so central to the working group and so practiced at it, he ended up writing it as a draft and thus his name got attached.
I bet he seriously regrets that now but, at the time, there was no hint that this was bad. Sure, it was odd, but it was totally plausible that some government process had decreed that some minimum amount of entropy must be included or something so, whatever. Nobody planned to implement it and nobody really cared.
In hindsight, that was naïve—on the part of everyone. But casting aspersions on ekr because of it is just codswallop.
[1] https://www.ietf.org/rfc/rfc4346.txt [2] https://www.ietf.org/rfc/rfc5246.txt
Before the recent whistleblower revelations (2013 - present), there was very little evidence that the NSA was overwhelmingly nefarious. If they had given me a job offer back in the day, I probably would have accepted it. Nowadays, even associating with them can kill your brand (for good reason) and I'll give them a blanket refusal.
This conspiracy theory / slander towards ekr seems ridiculous. Guilt by association doesn't apply here.
We're all for public inquiry into serious matters, but the internet is quick to smear people and I shudder at HN being used that way.
Lack of evidence or credible track record by the accuser makes this indistinguishable from concern trolling. That's a shitty thing to do to another human being, and you can't do it here.
User flags killed the thread before I finished writing my comment, so moderator intervention turned out not to be needed. Had it been needed, we would have done it, but I'm glad the community is on the same wavelength that we are.
If you ask me, he has way more power than elected politicians, excepting US senators, state governors, party leaders, cabinet members, and the president.
Ekr is a keystone in global cyber security infrastructure and being in the spotlight is appropriate.
Unbelievable! A valid line of inquiry. How soon we forget wtf the NSA did.