ietf
[Top] [All Lists]

Re: Nuanced points and RFC 1984

2015-08-17 15:30:58
On 18/08/2015 03:44, Eric Burger wrote:
I could be cynical and offer that this is the argument FOR a key escrow 
scheme. It will be great for business for secure communications companies to 
sell enterprises (“Hey - do you want your competition to listen in to your 
communications? No? You need our stuff!”).

Alternatively, would this mean that only the smart, hardened criminals and 
IETF folks will have privacy? Interesting bedfellows...

That is, and has always been, my point. The people society most has to fear
are smart enough to avoid escrow, very possibly by paying for the expertise.

To look at it slightly differently, from the bad actor's viewpoint, strong
crypto with key escrow is equivalent to weak crypto, because the authorities
can read the traffic (assuming that metadata surveillance has made the traffic
seem interesting).

Please do not assume that the really bad actors are unaware of this. They're
not stupid and they have a lot of money.

   Brian



On Aug 17, 2015, at 11:29 AM, Eliot Lear <lear(_at_)cisco(_dot_)com> wrote:

My typing is nowhere near as nuanced: slight correction below:

On 8/17/15 4:57 PM, Eliot Lear wrote:
Harald,

On 8/17/15 2:09 PM, Harald Alvestrand wrote:
On 08/17/2015 09:06 AM, Eliot Lear wrote:

Escrow is only useful against law-abiding people who
trust the government(s) in the first place.


It's that assertion that has been repeatedly proven false with all
manner of other technology.

{{citation needed}} - in other debates, I've heard "proof" claimed for
all sorts of things; sometimes it's things I believe; sometimes it turns
out that the "proof" is itself hugely controversial.



I did provide a citation to this list on August 12th that contradicted what 
Brian wrote above:

http://www.nytimes.com/2015/08/09/business/international/effects-of-petrobras-scandal-leave-brazilians-lamenting-a-lost-dream.html

Here's a case where the people in question could have gone to some lengths 
to protect their communications but did not.  That is practically speaking 
the entire history of wiretapping.[*]  That doesn't mean we break our 
protocol suite to wire tap, but it also doesn't mean that we overstate the 
negatives when talking to others.  1984 makes clear that use of escrow and 
other approaches has serious side effects that can negatively impact 
security.  That statement is good enough.[**]

Eliot

[*] I'm reminded of another example of this sort of thing.  Many years ago, 
in the middle of winter, my parents' house was broken into.  They called 
the police and the police quickly arrested a person who lived nearby, 
having tracked him by his footprints in a snowy field that links many of 
the houses.  Had he simply walked on the clear sidewalk, he probably 
wouldn't have been caught.  Not all criminals are super geniuses.[1]

[**] Elsewhere it has been asserted that there is no ability to create a 
functioning escrow approach that scales.  I think that's very likely true, 
but if it turns out not to be, we should revisit 1984 at that time, as to 
whether or not it remains appropriate as a BCP.

[1] https://www.flickr.com/photos/ladystephanie/10227056515

Sorry about that.