Re: Morality masks technical ignorance
Responding to msg by Adam Shostack ( when bad things happen to good crypto): The technical reason to oppose GAK is that it adds points of failure to a crypto system which need not be there. Those POF are not adequately tied to the consequences of their actions (releasing a key improperly), and as such will be used as points to attack the integrity of the system. ............................................................... And if there were no points of failure added by it, would you approve, agree, to its mandatory requirement? .. Blanc
Blanc asks: | Responding to msg by Adam Shostack ( when bad things happen to | good crypto): | | The technical reason to oppose GAK is that it adds points of | failure to a crypto system which need not be there. Those POF | are not adequately tied to the consequences of their actions | (releasing a key | improperly), and as such will be used as points to attack the | integrity of the system. | ............................................................... | | And if there were no points of failure added by it, would you | approve, agree, to its mandatory requirement? I wouldn't care. First, any GAK system must add points of failure. Second, if it didn't add points of failure, it would be another expensive and pointless government program. Since there are no points of failure, they can never access my key. Thats not because key access is arbitrarily defined as a failure, but because any mechanism that allows them to get my key from a database can be subverted to get keys for which there is no 'legitimate' need. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
-----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, blancw@pylon.com writes:
Responding to msg by Adam Shostack ( when bad things happen to good crypto):
The technical reason to oppose GAK is that it adds points of failure to a crypto system which need not be there.
[...]
And if there were no points of failure added by it, would you approve, agree, to its mandatory requirement?
Sorry, blanc, but the very existance of GAK is a point of failure. - -- Roy M. Silvernail [ ] roy@cybrspc.mn.org PGP public key available by mail echo /get /pub/pubkey.asc | mail file-request@cybrspc.mn.org These are, of course, my opinions (and my machines) -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLwOzQxvikii9febJAQH0XgQAnL/dMtrIgu7L1dgjswOD4LZH6yZHkZ0x V4ZFlm9oCCc089p6XaQgaOZTcBSfKiTlVHq4BXV2EWpm6ULX77rvn1cHSbmOdpvc hjFc8bbPg586if+oGRCNXs2yO5s+KQygQh72w9D3zCVDMaFaJzCZqoa9WmMT6HmM YsJJz5ytGCY= =rlpe -----END PGP SIGNATURE-----
participants (3)
-
Adam Shostack -
blancw@pylon.com -
roy@cybrspc.mn.org