Notices by Daniel J. Bernstein (djb@mastodon.cr.yp.to)

@eliotlear OK, looks like time for Recusal 101: Do you think that it's okay for U.S. Supreme Court justices with conflicts of interest to not recuse themselves since there's more than one judge on the court? And it's okay for lower-court judges with conflicts of interest to not recuse themselves since there's an appeals process? Do you understand what the purpose of recusal is?

@eliotlear There you go again with these ridiculous "everyone" exaggerations. The actual issue at hand is an IETF security-area directorship being given to an employee of NSA, an organization with a policy and track record of sabotaging security standards.

@rsalz @eliotlear I gave an example earlier in the thread; but, again, the recusal obligation is triggered simply by the appearance of a conflict of interest. https://www.ietf.org/about/groups/iesg/iesg-coi-policy/ says "In cases where a clear conflict of interest exists, an Area Director should normally recuse". It doesn't say "Wait until the evidence of bad decisions is so overwhelming that you feel pressured to do what you would have done without this policy existing in the first place".

@eliotlear Your quote is fabricated. I said he (and others, including me) expressed concerns. Instead of answering, the NSA AD filed WG-creation forms as if discussion had settled. As for your "no industry or government participant" strawman: I'm talking specifically about NSA. That's an organization that internally asked whether cryptographic standards could be made "weak enough" for NSA to break, and that at last report had a cryptographic sabotage budget of a quarter billion dollars a year.

This year IETF appointed a "Security Area Director" whose August 2024 conflict-of-interest filing lists NSA as a source of income: https://www.ietf.org/about/groups/iesg/iesg-coi-policy/ Profile says retired from NSA "with 37+ years of service in Dec 2023", still "working as a Stand-by Active Reservist at NSA".

New blog post "Clang vs. Clang": https://blog.cr.yp.to/20240803-clang.html You're making Clang angry. You wouldn't like Clang when it's angry. #compilers #optimization #bugs #timing #security #codescans

Tracking down some TIMECOP alerts led to a 2021 gcc patch from ARM (https://gcc.gnu.org/git/?p=gcc.git;a=commit;f=gcc/match.pd;h=d70720c2382e687e192a9d666e80acb41bfda856) turning (-x)>>31 into a bool, often breaking constant-time code. Can often work around with (-x)>>30, and asm is safer anyway, but for portable fallbacks we need security-aware compilers.