I still wonder why Filippo tried to frame Dan Bernstein's FOIA lawsuit in a negative way [0]. I see it as important and given the NSAs history with Dual_EC_DRBG I think it's perfectly valid to suspect influence from them in the post-quantum crypto standardization process with the goal of trying to push cryptography they can break.
The NSA been caught with their hands in the cookie jar so many times that they deserve extreme suspicion if not outright distrust.
Some may argue that DJB has personal or social failings but he has never been caught compromising a crypto system. Any individual who did wouldn't not by credible anymore in the community, a government agency however is constantly welcomed back to the table.
> Accusing scientists of taking bribes or (previously) plagiarism is wildly unprofessional.
This statement is either naive or purposefully misdirecting the audience. Anyone working in security knows that insider compromise includes a lot more than just monetary bribes - even a paragon of ethics has friends, family and their own personal safety they care about.
Time will tell who is right. I find it weird that they are pushing back on this. There's plenty of poor quality paper publishing with shoddy peer-review. We need more peer reviewers who are openly critical, not less.
One thing is not trusting the NSA, another is being asked to dismiss the work of well-know independent academics because they engaged in an open selection process run by NIST without any objective proof of technical issues.
Again, the FOIA is good, the framing and FUD is harmful and part of a pattern that might be hard to see outside the community.
> One thing is not trusting the NSA, another is being asked to dismiss the work of well-know independent academics because they engaged in an open selection process run by NIST without any objective proof of technical issues.
The selection process wasn't as open and transparent as one would like given the importance of cryptographic standards. I think we agree there, as you also think that the FOIA is good - which means that there needs to be more transparency.
It took 6 years until there was proof that Dual_EC_DRBG really has a backdoor, which has been suspected since the beginning. Shouldn't we be extra cautious this time? If there was some backdoor again, it might take years before it is discovered.
> Again, the FOIA is good, the framing and FUD is harmful and part of a pattern that might be hard to see outside the community.
Could you explain which pattern you see there for us outside of the community? So far I don't see harmful FUD or a framing that is baseless, I see concerns that I feel are valid because of lacking transparency and the NSA's history of interfering with NIST's standardization processes. Why do you think that these concerns are harmful?
[0] https://twitter.com/FiloSottile/status/1555669786826244096