On 14/08/2015 04:31, Stewart Bryant wrote:
> On 13/08/2015 17:18, Dave Crocker wrote:
>> On 8/13/2015 9:14 AM, Stewart Bryant wrote:
>>> Many of the interesting cases can be addressed by some mixture of
>>> extreme key fragmentation with escrow fragmented across a set
>>> of organizations that are both unable and unlikely to collude, but
>>> would co-operate with an appropriate third party if presented with
>>> the appropriate justification.
>>
>> That's theory that could reasonably sound appealing. Are there
>> real-world examples of a model like this showing the desired properties
>> that balance safety and utility?
>>
>> We all generate a constant stream of logical wonderful theories. The
>> pragmatics kill most of them.
>>
>> This being an 'engineering' group rather than a 'research' group, we are
>> supposed to make agreements based on a solid knowledge of those pragmatics.
>>
>> d/
>>
> The pragmatics of law enforcement is that you provide reasonable
> protection for the rights of the law abiding whilst catching sufficient
> of the unlawful that all but the most extreme in terms of
> criminal sophistication, or lawlessness are discouraged.
>
> In other words we need to apply engineering pragmatics that matches
> the pragmatics of law enforcement.
I think this is irrelevant to RFC 1984. Our point then, which is still
true, is that bad actors are able to use strong cryptography without
escrowing their keys, thus creating their own "impregnable conduit".
So key escrow is utterly pointless in terms of defeating truly bad
actors, although it does help governments to spy on more law-abiding
citizens. When spying on bad actors, you have no choice but to
assume that they have an "impregnable conduit" and use other
techniques.
Brian