
Re: Nuanced points and RFC 1984

2015-08-18 00:12:25
Hi,

On 8/17/15 10:30 PM, Brian E Carpenter wrote:
> On 18/08/2015 03:44, Eric Burger wrote:
>> I could be cynical and offer that this is the argument FOR a key escrow
>> scheme. It will be great for business for secure communications companies to
>> sell enterprises (“Hey - do you want your competition to listen in to your
>> communications? No? You need our stuff!”).

As it happens, enterprises are huge users today of key escrow schemes
for storage.  And nobody in this discussion would be arguing to mandate
escrow.  In fact I'm not even advising escrow.  Quite the contrary,
really.  All I'm saying is that it is not reasonable to argue extremes,
and one extreme is that we need to assume in this case that the law
enforcement goal is perfect access to everything.


>> Alternatively, would this mean that only the smart, hardened criminals and
>> IETF folks will have privacy? Interesting bedfellows...
> That is, and has always been, my point. The people society most has to fear
> are smart enough to avoid escrow, very possibly by paying for the expertise.
>
> To look at it slightly differently, from the bad actor's viewpoint, strong
> crypto with key escrow is equivalent to weak crypto, because the authorities
> can read the traffic (assuming that metadata surveillance has made the traffic
> seem interesting).
>
> Please do not assume that the really bad actors are unaware of this. They're
> not stupid and they have a lot of money.

And please do not assume that most bad actors have a frigging clue.  The
effectiveness of existing law enforcement is a proof point against that
assumption.  That does not mean that this organization should advocate
for escrow.  I just want us not to look like fools when making our point.

Eliot
