ietf-openpgp

Re: [openpgp] saltpack on OpenPGP message format problems

2016-03-01 13:12:44
Reconsidering this issue in the wake of the Apple/FBI set-to...

I think one point that has been massively overlooked by traditional
crypto applications is the need to store private keys securely. In
particular, it should be possible to fix private keys to a device such
that the key can be used on that device but it is not possible to
remove the key from the device and install it on another device
without 'heroic' efforts (e.g. uncapping the CPU and reading it with a
scanning electron microscope).

In particular, this has tended to be something that it is 'assumed' is
merely a platform issue. But having tried to implement such, I am very
sure that it is not and that you really need to consider the use of
trustworthy security features such as the iOS Secure Enclave or
Microsoft's TPM when designing the protocol.

And I have no doubt that the NSA BULLRUN shills have been assiduously
stroking anti-DRM ideology as a way of discouraging implementation of
strong hardware security measures. Now that we are seeing machine
compromise as a vector for poisoning open source projects with
malware, we need to change our approach.


What would help perhaps is some better info as to what features are
out there and widely supported. The NSA has been very successful in
discouraging people from pushing for these features. But they are very
much needed.
