Re: Last Call: Recognising RFC1984 as a BCP

On 14/08/2015 18:15, Eliot Lear wrote:
> Brian,
> 
> On 8/14/15 1:17 AM, Brian E Carpenter wrote:
> 
>> I think this is irrelevant to RFC 1984. Our point then, which is still
>> true, is that bad actors are able to use strong cryptography without
>> escrowing their keys, thus creating their own "impregnable conduit".
>> So key escrow is utterly pointless in terms of defeating truly bad
>> actors, although it does help governments to spy on more law-abiding
>> citizens. When spying on bad actors, you have no choice but to assume
>> that they have an "impregnable conduit" and use other techniques. Brian 
> 
> Let's please split this in half.  Technically up until the last sentence
> you are absolutely correct, and it is important that policy makers
> understand the limitations of any sort of key escrow regime - or key
> size limitation.  And they should understand the risks of disgorging
> private keys.  RFC 1984 does a great job of explaining that, and that's
> why it's perfectly fine for this to be a BCP in my mind.
> 
> But that last sentence is the crazy part of this debate because long
> experience has shown that even when the technology has been available,
> many bad guys haven't availed themselves of it.  

Of course, or they have made mistakes that weaken the strong crypto.
But if your job is to look for the really bad guys, you MUST assume
that they are using strong crypto with inaccessible keys. It's
irresponsible to assume anything else.

    Brian

> Experience also shows
> that key escrow can and has been done for storage purposes.  But it
> comes with substantial risks, and the biggest one is that someone will
> break into the escrow and steal keys.[1]  Again, OPR's break-in should
> give people long pause before creating a large central store of
> sensitive information.  This is the sort of dialog with policy makers
> that needs to occur.
> 
> Eliot
> [1]
> http://www.cnbc.com/2014/10/21/china-hackers-may-have-hacked-apples-icloud.html
> 
