On 18/08/2015 03:44, Eric Burger wrote:
I could be cynical and offer that this is the argument FOR a key escrow
scheme. It will be great for business for secure communications companies to
sell enterprises (“Hey - do you want your competition to listen in to your
communications? No? You need our stuff!”).
Alternatively, would this mean that only the smart, hardened criminals and
IETF folks will have privacy? Interesting bedfellows...
That is, and has always been, my point. The people society most has to fear
are smart enough to avoid escrow, very possibly by paying for the expertise.
To look at it slightly differently, from the bad actor's viewpoint, strong
crypto with key escrow is equivalent to weak crypto, because the authorities
can read the traffic (assuming that metadata surveillance has made the traffic
seem interesting).
Please do not assume that the really bad actors are unaware of this. They're
not stupid and they have a lot of money.
Brian
On Aug 17, 2015, at 11:29 AM, Eliot Lear <lear(_at_)cisco(_dot_)com> wrote:
My typing is nowhere near as nuanced: slight correction below:
On 8/17/15 4:57 PM, Eliot Lear wrote:
Harald,
On 8/17/15 2:09 PM, Harald Alvestrand wrote:
On 08/17/2015 09:06 AM, Eliot Lear wrote:
Escrow is only useful against law-abiding people who
trust the government(s) in the first place.
It's that assertion that has been repeatedly proven false with all
manner of other technology.
{{citation needed}} - in other debates, I've heard "proof" claimed for
all sorts of things; sometimes it's things I believe; sometimes it turns
out that the "proof" is itself hugely controversial.
I did provide a citation to this list on August 12th that contradicted what
Brian wrote above:
http://www.nytimes.com/2015/08/09/business/international/effects-of-petrobras-scandal-leave-brazilians-lamenting-a-lost-dream.html
Here's a case where the people in question could have gone to some lengths
to protect their communications but did not. That is practically speaking
the entire history of wiretapping.[*] That doesn't mean we break our
protocol suite to wire tap, but it also doesn't mean that we overstate the
negatives when talking to others. 1984 makes clear that use of escrow and
other approaches has serious side effects that can negatively impact
security. That statement is good enough.[**]
Eliot
[*] I'm reminded of another example of this sort of thing. Many years ago,
in the middle of winter, my parents' house was broken into. They called
the police and the police quickly arrested a person who lived nearby,
having tracked him by his footprints in a snowy field that links many of
the houses. Had he simply walked on the clear sidewalk, he probably
wouldn't have been caught. Not all criminals are super geniuses.[1]
[**] Elsewhere it has been asserted that there is no ability to create a
functioning escrow approach that scales. I think that's very likely true,
but if it turns out not to be, we should revisit 1984 at that time, as to
whether or not it remains appropriate as a BCP.
[1] https://www.flickr.com/photos/ladystephanie/10227056515
Sorry about that.