Kyle
Anyone in their rights minds understands the dangers with government key escrow systems and governments requesting back doors or delaying the remediation of existing zero days, local and remote exploits so that they can utilise them for their own intelligence or law enforcement purposes.
From FooCrypt’s perspective, FooCrypt utilises OpenSSL as an engine calling the binary via an exec rather than calling a purposely built library from the OpenSSL source code. This has added security as it enables the end user to select an appropriate version of the engine that they have access to as per their own countries legal requirements around encryption software. FooCrypt is distributed on macOS platforms as a read only disk image, on linux and windows systems as a Debian package, and as a customised SOE in a read only bootable Live ISO file which can be burnt to an old fashioned DVD, and booted via a VM or on cut down hardware with no physical disk / network / bluetooth etc. The encrypted data objects can be sent via any messaging service / email / snail mail postage / fax / protocol / etc. Technically, if an end user, utilised the Live ISO on a blackbox system, with a deadman switch on the power, there is no way to ‘escrow’ they keys for anyone.
Not only is AssAccess an affront to the sanity of those who are left in Australia still managing to work in the encryption space since they criminalised encryption under the Defence Trade Acts additions of encryption into the Defence Strategic Goods Listing, it has been politicised by our degenerate LNP government with make believe claims that have no founding and belittles those with any technical understanding of the issues.
From a users perspective, end users should be able to ‘trust’ the encryption software they use and not have to deal with the perception of ‘back doors’ requested by Governments, which can’t be reported by those who are crunchy the code, as the Government is threatening them with a 5 year jail term and massive fines for disclosing the Governments attempts to circumvent security.
Getting the key for any given communication from OpenSSL is definitely doable if you're not using an engine. If you are using an engine, it may or may not be even possible.
In any case, maintaining that key once you have it is definitely out of scope of OpenSSL. As an app developer subject to that law, it is up to you to figure out a way to keep it available for compliance purposes.
I'm not part of the OpenSSL team, so I have no capacity to make a policy statement on their behalf. However, I'm pretty sure that OpenSSL is not going to alter its API or its library design to make it easier for a bolt-on AusAssAccess module to be written that directly queries the state of the library or its structures.
That said, in the past it's been bandied about that an originating software package subject to the law could encrypt the symmetric key not only to the intended recipient, but also to a hardcoded compliance key. A receiving software package subject to the law would have to modify its receipt process to store a copy of the symmetric key elsewhere when it first decrypted a message -- probably also encrypted to a hardcoded compliance key.
The downside is "what happens when that compliance key is compromised"? (or, for that matter, if the compliance key is lost.) And it will be compromised or lost, someday, some way. That's the reason so many people have been against backdoors like this -- the security of the system is good, but the security of human beings tasked with maintaining the security of the system is nowhere near as good.
-Kyle H
Rather than going down the political or policy line, perhaps it may be prudent to discuss the technical solutions to testing the engine, regardless of the OS it is running on.
How does one validate and test the engines during / after compile to ensure their ‘trust’ ?
> On 15 Dec 2018, at 10:42, Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
>
>> On Dec 14, 2018, at 5:42 PM, bmeeker51@xxxxxxxxxxxxxxxxxxx wrote:
>>
>> I simply wanted a clear statement so I can make an informed decision whether or not I should use OpenSSL in future projects. I now have my answer. Thank you.
>
> This is not the right forum for that question. The bill is too
> new for a policy response to have been considered or agreed.
>
> OpenSSL has committers from many countries. OpenSSH also
> has an Australian maintainer, have they published a policy?
>
> I am sure there are Australian contributors to Linux, NetBSD,
> FreeBSD, OpenBSD, Android, ...
>
> Avoiding all taint from anything touched by Australia will not
> be easy.
>
> --
> Viktor.
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Rather than going down the political or policy line, perhaps it may be prudent to discuss the technical solutions to testing the engine, regardless of the OS it is running on.
How does one validate and test the engines during / after compile to ensure their ‘trust’ ?
> On 15 Dec 2018, at 10:42, Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
>
>> On Dec 14, 2018, at 5:42 PM, bmeeker51@xxxxxxxxxxxxxxxxxxx wrote:
>>
>> I simply wanted a clear statement so I can make an informed decision whether or not I should use OpenSSL in future projects. I now have my answer. Thank you.
>
> This is not the right forum for that question. The bill is too
> new for a policy response to have been considered or agreed.
>
> OpenSSL has committers from many countries. OpenSSH also
> has an Australian maintainer, have they published a policy?
>
> I am sure there are Australian contributors to Linux, NetBSD,
> FreeBSD, OpenBSD, Android, ...
>
> Avoiding all taint from anything touched by Australia will not
> be easy.
>
> --
> Viktor.
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
|