Hi, On 8/17/15 10:30 PM, Brian E Carpenter wrote: > On 18/08/2015 03:44, Eric Burger wrote: >> I could be cynical and offer that this is the argument FOR a key escrow scheme. It will be great for business for secure communications companies to sell enterprises (“Hey - do you want your competition to listen in to your communications? No? You need our stuff!”). As it happens, enterprises are huge users today of key escrow schemes for storage. And nobody in this discussion would be arguing to mandate escrow. In fact I'm not even advising escrow. Quite the contrary, really. All I'm saying is that it is not reasonable to argue extremes, and one extreme is that we need to assume in this case that the law enforcement goal is perfect access to everything. >> >> Alternatively, would this mean that only the smart, hardened criminals and IETF folks will have privacy? Interesting bedfellows... > That is, and has always been, my point. The people society most has to fear > are smart enough to avoid escrow, very possibly by paying for the expertise. > > To look at it slightly differently, from the bad actor's viewpoint, strong > crypto with key escrow is equivalent to weak crypto, because the authorities > can read the traffic (assuming that metadata surveillance has made the traffic > seem interesting). > > Please do not assume that the really bad actors are unaware of this. They're > not stupid and they have a lot of money. And please do not assume that most bad actors have a frigging clue. The effectiveness existing law enforcement is a proof point against that assumption. That does not mean that this organization should advocate for escrow. I just want us not to look like fools when making our point. Eliot
Attachment:
signature.asc
Description: OpenPGP digital signature