On Sat, Jul 03, 2010 at 05:00:20AM +0000, John Case wrote:
On Thu, 1 Jul 2010, Eugen Leitl wrote:
Or they at least try to make it look that way, at least.
http://www.theregister.co.uk/2010/06/28/brazil_banker_crypto_lock_out/
Brazilian banker's crypto baffles FBI
I find it baffling that we aren't hearing anything about key escrow. How in the world did we go through the 9/11 TLA bonanza, and all of the recent Internet Kill Switch gibberish and not once hear about key escrow ?
These ideas don't just go away ... I'm suspicious ...
Quite simply, because there are many other ways to perform effective intelligence work without requiring key escrow. A few relevant points: 1. It would be hard for the government to force people to use their key escrowed system. 2. With whom you communicate is often more interesting that what you communicate. 3. Humans are bad at storing cryptographic keys. They tend to write them down somewhere, exposing them to various attacks (sneak and peek warrant, installation of covert camera, keylogger, TEMPEST). 4. Cryptography is very, very rarely the weakest point of a system. -- irene