1. 19
  1.  

  2. 6

    Filippo Valsorda response to this, or via original Twitter link.

    1. 6

      “Don’t ask any questions about the intentions of the known-malicious entity which has recommended secretly known-weak cryptography multiple times in the past on behest of the NSA. Don’t use your legal rights to scrutinize the government. Trust that the NSA and NIST has your best intentions at heart, citizen.”

      Yeah no. It’s the NIST’s responsibility to prove themselves to no longer be malicious. So far, they haven’t.

      1. 4

        This seems disingenuous. Bernstein doesn’t accuse anyone of bribing researchers, he accuses the NSA of hiring them which makes bribing them unnecessary. I think that’s just a matter of public record.

        1. 9

          The underlying things here are that A) a FOIA suit is a pretty standard thing and is not evidence of malice or evidence that the claims advanced about the contest are true (lots of agencies mess up FOIA, for reasons which often are banal, and get sued over it), and B) the documents obtained from it are almost certainly not going to provide any evidence for the claims, either.

          There are basically the following possibilities, in what I think is decreasing order of probability:

          • He wins the FOIA suit and receives the full set of requested documents and they don’t contain any references to nefarious NSA behavior, in which case he can say that he’s being stonewalled and the real documents would vindicate his claims.
          • He doesn’t win the FOIA suit and doesn’t get any documents, in which case he can say that he’s being stonewalled and the documents would vindicate his claims.
          • He wins the FOIA suit and receives a partial or null set of documents with no further explanation, in which case he can say that he’s being stonewalled and the full set would vindicate his claims.
          • He wins the FOIA suit and receives a partial or null set with some sort of Glomar response or similar for why it wasn’t the full set, in which case he can say that he’s being stonewalled and the full set would vindicate his claims.

          Notice how in every possible outcome of the FOIA suit, the result is: “he can say that he’s being stonewalled and the full/real set of documents would vindicate his claims”. That’s an incredibly strong indicator that this FOIA suit cannot return any documents that would support the claims he’s making. Which means – in my opinion, at least – the suit itself is being presented disingenuously. If he wants to go FOIA stuff, by all means FOIA stuff. But it’s not going to provide any evidence for his claims, and in fact we can pre-write the likely followup regardless of the outcome of the FOIA.

          1. 3

            I was really only talking about the bit harping on about the “bribery” accusation (which I think was just really badly written hyperbole)

            1. 9

              Well, you’re right that technically Bernstein doesn’t ever come out and say the exact literal words “I accuse the NSA of bribing researchers”. But the point – and I think this is part of what Flilppo gets at – is that Bernstein’s employing dishonest rhetorical tactics in order to maintain a future claim of plausible deniability when it comes to explicit accusations, despite everyone being able to clearly read the implicit claims he wants us all to notice and take away from what he wrote.

              1. 2

                Yeah, that’s reasonable.

            2. 1

              Notice how in every possible outcome of the FOIA suit, the result is: “he can say that he’s being stonewalled and the full/real set of documents would vindicate his claims”

              What I’m noticing more is that you haven’t listened out every possible outcome. You’ve only listed scenarios that assume bad faith. Yet you don’t even have to assume good faith on his part to get to additional possible outcomes though. e.g. there’s another possibility where he wins in court, gets documents that show internal deliberations, and he claims that the evaluation has not all been public, as claimed by NIST. Even his detractors hang the value of the competition on the public nature of the evaluation. If everyone agrees that is a critical component then verifying it could be in good faith, even if his beliefs extend into the shadow that would be cast over the results.

              1. 2

                Wait, does NIST seriously claim that “all evaluation has been public”? That seems plainly impossible to be true. As a first counterexample, people not on the review board. Do you have anywhere this is actually stated?

                1. 1

                  The language is certainly up for interpretation but Ctrl -F for “Transparency for NISTPQC” to read about his transparency motivations for the FOIA suit.

        2. 6

          If you’ve generally followed his work you can skip the first ~75%.