Brian,
On 8/14/15 1:17 AM, Brian E Carpenter wrote:
> I think this is irrelevant to RFC 1984. Our point then, which is still
> true, is that bad actors are able to use strong cryptography without
> escrowing their keys, thus creating their own "impregnable conduit".
> So key escrow is utterly pointless in terms of defeating truly bad
> actors, although it does help governments to spy on more law-abiding
> citizens. When spying on bad actors, you have no choice but to assume
> that they have an "impregnable conduit" and use other techniques.
>
> Brian

Let's please split this in half. Technically up until the last sentence
you are absolutely correct, and it is important that policy makers
understand the limitations of any sort of key escrow regime - or key
size limitation. And they should understand the risks of disgorging
private keys. RFC 1984 does a great job of explaining that, and that's
why it's perfectly fine for this to be a BCP in my mind.
But that last sentence is the crazy part of this debate because long
experience has shown that even when the technology has been available,
many bad guys haven't availed themselves of it. Experience also shows
that key escrow can and has been done for storage purposes. But it
comes with substantial risks, and the biggest one is that someone will
break into the escrow and steal keys.[1] Again, OPR's break-in should
give people long pause before creating a large central store of
sensitive information. This is the sort of dialog with policy makers
that needs to occur.
Eliot
[1] http://www.cnbc.com/2014/10/21/china-hackers-may-have-hacked-apples-icloud.html