On 14/08/2015 18:15, Eliot Lear wrote:
Brian,
On 8/14/15 1:17 AM, Brian E Carpenter wrote:
I think this is irrelevant to RFC 1984. Our point then, which is still
true, is that bad actors are able to use strong cryptography without
escrowing their keys, thus creating their own "impregnable conduit".
So key escrow is utterly pointless in terms of defeating truly bad
actors, although it does help governments to spy on more law-abiding
citizens. When spying on bad actors, you have no choice but to assume
that they have an "impregnable conduit" and use other techniques. Brian
Let's please split this in half. Technically up until the last sentence
you are absolutely correct, and it is important that policy makers
understand the limitations of any sort of key escrow regime - or key
size limitation. And they should understand the risks of disgorging
private keys. RFC 1984 does a great job of explaining that, and that's
why it's perfectly fine for this to be a BCP in my mind.
But that last sentence is the crazy part of this debate because long
experience has shown that even when the technology has been available,
many bad guys haven't availed themselves of it.
Of course, or they have made mistakes that weaken the strong crypto.
But if your job is to look for the really bad guys, you MUST assume
that they are using strong crypto with inaccessible keys. It's
irresponsible to assume anything else.
Brian
Experience also shows
that key escrow can and has been done for storage purposes. But it
comes with substantial risks, and the biggest one is that someone will
break into the escrow and steal keys.[1] Again, OPR's break-in should
give people long pause before creating a large central store of
sensitive information. This is the sort of dialog with policy makers
that needs to occur.
Eliot
[1]
http://www.cnbc.com/2014/10/21/china-hackers-may-have-hacked-apples-icloud.html