On 9/6/2013 11:38 AM, Noel Chiappa wrote:
> From: Spencer Dawkins <spencerdawkins.ietf@xxxxxxxxx>
> I have to wonder whether weakening crypto systems to allow pervasive
> passive monitoring by "national agencies" would weaken them enough for
> technologically savvy corporations to monitor their competitors, for
> instance.
More importantly, if crypto systems are weaked so that the intelligence
agencies of the 'good guys' can monitor them, they're probably weak enough
that the intelligence agencies of the 'bad guys' can monitor them too.
The smarts level on the other side should not be under-estimated, although I
fear this often happens.
Noel,
I agree that's important (and perhaps "more important"), and that
underestimating 'bad guys' is all too tempting, and all too easy.
I thought to call attention to the opportunities for commercial leakage,
from everything from trade secrets to medical records, if our strong
crypto turns out to contain intentional weaknesses.
We have plenty of potential exposures to worry about, depending on who's
likely to be interested in seeing what we're trying to hide.
Spencer