Ben Laurie wrote on 31/07/2023 12:39:
How about looking at the actual situation, which is that governments claim two policy obligations, one is around strong encryption (necessary for security, commerce, etc) and the other is around lawful access? The technical issue is that these cannot both be satisfied.
Governments often find themselves in a position where somehow they need to square the circle - which is incidentally, and quite literally, how the Indiana Pi Bill happened. Providing them with level-headed, neutral technical advice is often a good approach to mitigating against policy stupidity.
This is where bodies like the IETF can step in. If the IETF felt that an Informational RFC or BCP would be a useful reference to document the incompatibility between strong encryption and lawful access (at least in transit), don't underestimate how widely quoted this document would be.
Nick
