Pen register request used to force disclosure of SSL private keys - LavaBit hearings
this is perhaps the most interesting aspect of the LavaBit proceedings. See: http://cryptome.org/2013/10/lavabit-orders.pdf in short if you have not designed your system to be amenable to metadata tapping, particularly all the rich metadata requested by a "pen register", they're going to demand the encryption keys to access this metadata. said again for emphasis: SSL private keys are demanded under the smallest of justifications, which need not even show probable cause nor reasonable suspicion!! (they did later go back with an actual warrant for the keys, but only after this initial gambit, made repeatedly, failed.) """ July 16, 2013 TRANSCRIPT OF HEARING BEFORE THE HONORABLE CLAUDE M. HILTON ... [ED: James Trump is the fed lawyer, Ladar Levinson the LavaBit operator.] ... THE COURT: So as I understand it, my initial order ordered nothing but that the pen register be put in place. MR . TRUMP : And all technical assistance, information, and facilities necessary to implement the pen register. And it's our position t hat without the encryption keys, the data from the pen register will be meaningless. So to facilitate the actual monitoring required by the pen register, the FBI also requires the encryption keys . THE COURT: Well, that could be, but I don't know that I need - - I don ' t know that I need to reach that because I've issued a search warrant for that . MR. TRUMP : Correct, Your Honor. That the -- to avoid litigating this issue, we asked the Court to enter the seizure warrant. THE COURT : Well, what I ' m saying is if he agrees that the pen register be established, and that the only thing he doesn't want to do in connection with the pen register is to give up the encryption device or code MR. LEVISON : I've always maintained that . THE COURT : -- so we ' ve got no issue here . You're ready to do that? MR. LEVISON : I ' ve been ready to do that since Agent Howard spoke to me the first time . THE COURT: All right . So that ends our -- MR . TRUMP : Well, then we have to inquire of Mr, Levison whether he ... Jill produce the encryption keys pursuant to the search warrant that Your Honor just signed. THE COURT : But I can't deal with that this morning, can I? MR . TRUMP : Well , it ' s the same issue . You could ask him, Your Honor . We can serve him with the warrant and ask him if he' 5 going to comply rather than - - MR. LEVISON : Your Honor I've also been issued a subpoena demanding those same keys, which I brought with me in the event that we would have to address that subpoena . THE COURT : I don't know, Mr . Trump . I don't think I want to get involved in asking him . You can talk with him and see whether he ' s going to produce them or not and let him tell you . But I don ' t think I ought to go asking what he's going to do and what he's not going to do because I can ' t take any action about it anyway . If he does not comply with the subpoena, there are remedies for that one way or another . MR . TRUMP: Well, the original pen register order was followed by a compulsion order from Judge Buchanan . The compulsion order required the encr yption keys to be produced . So , yes, part of the show cause order is to require compliance both with the pen register order and the compulsion order issued by Judge Buchanan . And that order, which was attached to the show cause order, states, "To the extent any information, facilities, or technical assistance are under the control of Lavabit are needed to provide the FBI with the encrypted data, Lavabit shall provide such information, facilities, or technical assistance forthwith ." MR. LEVISON : I would object to that statement . I don't know if I'm wording this correctly, but what was in that order to compel was a statement that was incorrect . Agent Howard seemed to believe that I had the ability to encrypt the e-mail content stored on our servers, which is not the case . I only have the keys that govern communications into and out of the network , and those keys are used to secure the traffic for all users, not just the user in question . So the statement in that order compelling me to decrypt stuff and Agent Howard stating that I have the ability to do that is technically false or incorrect. There was never an explicit demand that I turn over these keys . THE COURT : I don't know what bearing that would have, would it? I mean, I don't have a problem -- Judge Buchanan issued an order in addition to mine, and I'm not sure I ought to be enforcing Judge Buchanan's order . July order, if he says that he will produce or allow the installation of the pen register, and in addition I have issued a search warrant for the codes that you want, which I did this morning, that's been entered, it seems that this issue is over as far as I'm concerned except I need to see that he allows the pen register and complies with the subpoena . MR . TRUMP : Correct . THE COURT: If he doesn't comply -- if he doesn't comply with the subpoena, then that has -- I have to address that. MR . TRUMP : Right . THE COURT: But right now there's nothing for me to address here unless he is not telling me correctly about the pen register . MR. TRUMP: Well , we can -- Your Honor, if we can talk to Mr . Levison for five minutes, we can ask him whether he will honor the warrant that you just issued . MR. LEVISON : Before we do that , can I - - THE COURT : Well, what can I do about it if he doesn't, if he tells you he's not going to? You've got the right to go out and search and get it . MR . TRUMP: Well, we can't get the information without his assistance . He's the only who knows and has possession of it . We can't take it from him involuntarily . MR . LEVISON : If I may, sir, my other THE COURT : Wait just a second . You're trying to get me ahead . You're trying to get me to deal with a contempt before there's any contempt , and I have a problem with that. MR . TRUMP: I'm trying to avoid contempt altogether, Your Honor . THE COURT: I know you are . And I'd love for you-all to get together and do that. I don't want to deal with it either. But I don't think we can sit around and agree that there's going to be a default and I will address it before it occurs. MR . TRUMP: I'm just trying to figure out whether there's going to be a default . We'll take care of that, Judge . THE COURT : You can . I think the way we've got to do this - - and I'll listen to you . I'm cutting you off, I know, but I'll listen to you in a minute. The way we have to do this, the hearing that's before me this morning on this issue of the pen register, that's been resolved, or so he's told me . I don't know whether you want to continue this one week and see if he complies with that, which I guess would be prudent to do, or a few days for him to comply with the pen register. Then we Hill wait and see what happens with the SUbpoena . Because as far as my pen register order is concerned, he says he's going to comply with it . So that issue's over and done with . The next issue will be ... whether or not he complies with the subpoena . And I don't know and I don't want to presume, and I don't want him to represent to me what he intends to do when he can very well go home and decide he's going to do something different. When that warrant is served, we'll know what he's going to do . I think we've got - - I don't see another way to do it . MR . TRUMP : That's fine, Your Honor. We will serve the warrant on him as soon as we conclude this hearing, and we'll find out whether he will provide the keys or not .
If anyone reads this and doesn't think they haven't pulled the same gambit with every US cloud service provider, they are kidding themselves. This, in my opinion, can make all US encryption, even US-based certificate authorities really untrustworthy. What is to stop them from getting GoDaddy to give up their root certificates with a NSL and a small legal justification? Once they have it, they could, in theory, MitM attack a ton of servers, and I don't think the judges even realize that. On 03/10/2013 4:04 AM, coderman wrote:
this is perhaps the most interesting aspect of the LavaBit proceedings. See: http://cryptome.org/2013/10/lavabit-orders.pdf
in short if you have not designed your system to be amenable to metadata tapping, particularly all the rich metadata requested by a "pen register", they're going to demand the encryption keys to access this metadata.
said again for emphasis:
SSL private keys are demanded under the smallest of justifications, which need not even show probable cause nor reasonable suspicion!!
(they did later go back with an actual warrant for the keys, but only after this initial gambit, made repeatedly, failed.)
""" July 16, 2013 TRANSCRIPT OF HEARING BEFORE THE HONORABLE CLAUDE M. HILTON ... [ED: James Trump is the fed lawyer, Ladar Levinson the LavaBit operator.] ... THE COURT: So as I understand it, my initial order ordered nothing but that the pen register be put in place.
MR . TRUMP : And all technical assistance, information, and facilities necessary to implement the pen register. And it's our position t hat without the encryption keys, the data from the pen register will be meaningless. So to facilitate the actual monitoring required by the pen register, the FBI also requires the encryption keys .
THE COURT: Well, that could be, but I don't know that I need - - I don ' t know that I need to reach that because I've issued a search warrant for that .
MR. TRUMP : Correct, Your Honor. That the -- to avoid litigating this issue, we asked the Court to enter the seizure warrant.
THE COURT : Well, what I ' m saying is if he agrees that the pen register be established, and that the only thing he doesn't want to do in connection with the pen register is to give up the encryption device or code
MR. LEVISON : I've always maintained that .
THE COURT : -- so we ' ve got no issue here . You're ready to do that?
MR. LEVISON : I ' ve been ready to do that since Agent Howard spoke to me the first time .
THE COURT: All right . So that ends our --
MR . TRUMP : Well, then we have to inquire of Mr, Levison whether he ... Jill produce the encryption keys pursuant to the search warrant that Your Honor just signed.
THE COURT : But I can't deal with that this morning, can I?
MR . TRUMP : Well , it ' s the same issue . You could ask him, Your Honor . We can serve him with the warrant and ask him if he' 5 going to comply rather than - -
MR. LEVISON : Your Honor I've also been issued a subpoena demanding those same keys, which I brought with me in the event that we would have to address that subpoena .
THE COURT : I don't know, Mr . Trump . I don't think I want to get involved in asking him . You can talk with him and see whether he ' s going to produce them or not and let him tell you . But I don ' t think I ought to go asking what he's going to do and what he's not going to do because I can ' t take any action about it anyway . If he does not comply with the subpoena, there are remedies for that one way or another .
MR . TRUMP: Well, the original pen register order was followed by a compulsion order from Judge Buchanan . The compulsion order required the encr yption keys to be produced . So , yes, part of the show cause order is to require compliance both with the pen register order and the compulsion order issued by Judge Buchanan . And that order, which was attached to the show cause order, states, "To the extent any information, facilities, or technical assistance are under the control of Lavabit are needed to provide the FBI with the encrypted data, Lavabit shall provide such information, facilities, or technical assistance forthwith ."
MR. LEVISON : I would object to that statement . I don't know if I'm wording this correctly, but what was in that order to compel was a statement that was incorrect . Agent Howard seemed to believe that I had the ability to encrypt the e-mail content stored on our servers, which is not the case . I only have the keys that govern communications into and out of the network , and those keys are used to secure the traffic for all users, not just the user in question . So the statement in that order compelling me to decrypt stuff and Agent Howard stating that I have the ability to do that is technically false or incorrect. There was never an explicit demand that I turn over these keys .
THE COURT : I don't know what bearing that would have, would it? I mean, I don't have a problem -- Judge Buchanan issued an order in addition to mine, and I'm not sure I ought to be enforcing Judge Buchanan's order . July order, if he says that he will produce or allow the installation of the pen register, and in addition I have issued a search warrant for the codes that you want, which I did this morning, that's been entered, it seems that this issue is over as far as I'm concerned except I need to see that he allows the pen register and complies with the subpoena .
MR . TRUMP : Correct .
THE COURT: If he doesn't comply -- if he doesn't comply with the subpoena, then that has -- I have to address that.
MR . TRUMP : Right .
THE COURT: But right now there's nothing for me to address here unless he is not telling me correctly about the pen register .
MR. TRUMP: Well , we can -- Your Honor, if we can talk to Mr . Levison for five minutes, we can ask him whether he will honor the warrant that you just issued .
MR. LEVISON : Before we do that , can I - -
THE COURT : Well, what can I do about it if he doesn't, if he tells you he's not going to? You've got the right to go out and search and get it .
MR . TRUMP: Well, we can't get the information without his assistance . He's the only who knows and has possession of it . We can't take it from him involuntarily .
MR . LEVISON : If I may, sir, my other
THE COURT : Wait just a second . You're trying to get me ahead . You're trying to get me to deal with a contempt before there's any contempt , and I have a problem with that.
MR . TRUMP: I'm trying to avoid contempt altogether, Your Honor .
THE COURT: I know you are . And I'd love for you-all to get together and do that. I don't want to deal with it either. But I don't think we can sit around and agree that there's going to be a default and I will address it before it occurs.
MR . TRUMP: I'm just trying to figure out whether there's going to be a default . We'll take care of that, Judge .
THE COURT : You can . I think the way we've got to do this - - and I'll listen to you . I'm cutting you off, I know, but I'll listen to you in a minute. The way we have to do this, the hearing that's before me this morning on this issue of the pen register, that's been resolved, or so he's told me . I don't know whether you want to continue this one week and see if he complies with that, which I guess would be prudent to do, or a few days for him to comply with the pen register. Then we Hill wait and see what happens with the SUbpoena . Because as far as my pen register order is concerned, he says he's going to comply with it . So that issue's over and done with . The next issue will be ... whether or not he complies with the subpoena . And I don't know and I don't want to presume, and I don't want him to represent to me what he intends to do when he can very well go home and decide he's going to do something different. When that warrant is served, we'll know what he's going to do . I think we've got - - I don't see another way to do it .
MR . TRUMP : That's fine, Your Honor. We will serve the warrant on him as soon as we conclude this hearing, and we'll find out whether he will provide the keys or not .
-- Kelly John Rose Mississauga, ON Phone: +1 647 638-4104 Twitter: @kjrose Document contents are confidential between original recipients and sender.
When architecting a system, it is critical that the operator of the system should not have access to the keys at all. You can't be compelled to produce something that you don't have. It is not hard to do if it is part of your initial design. Backup providers like SpiderOak seem to be doing this right. I have designed a number of systems with this type of security design. Rule #1 don't store clear text. Rule #2 don't store decryption keys Rule #3 don't do decryption on the server Rule #4 treat all communications with people not implementing security on THEIR computers as insecure Email security for systems designed to work with outsiders who don't use the tool are particularly problematic. The operator can use public keys to encrypt traffic as it arrives, but can easily be compelled to reveal the arriving clear text messages before encryption. Is it the SSL certificate for the SMTP TLS that was being requested? It appears so from the transcripts. If that is the case, they are asking to access content that was stored in the clear on the previous mail server(s). This is hardly highly secured content. The HTTPS sessions might reasonably be considered more sensitive and secure. -Lance -- Lance Cottrell loki@obscura.com On Oct 3, 2013, at 3:04 AM, coderman <coderman@gmail.com> wrote:
this is perhaps the most interesting aspect of the LavaBit proceedings. See: http://cryptome.org/2013/10/lavabit-orders.pdf
in short if you have not designed your system to be amenable to metadata tapping, particularly all the rich metadata requested by a "pen register", they're going to demand the encryption keys to access this metadata.
said again for emphasis:
SSL private keys are demanded under the smallest of justifications, which need not even show probable cause nor reasonable suspicion!!
(they did later go back with an actual warrant for the keys, but only after this initial gambit, made repeatedly, failed.)
""" July 16, 2013 TRANSCRIPT OF HEARING BEFORE THE HONORABLE CLAUDE M. HILTON ... [ED: James Trump is the fed lawyer, Ladar Levinson the LavaBit operator.] ... THE COURT: So as I understand it, my initial order ordered nothing but that the pen register be put in place.
MR . TRUMP : And all technical assistance, information, and facilities necessary to implement the pen register. And it's our position t hat without the encryption keys, the data from the pen register will be meaningless. So to facilitate the actual monitoring required by the pen register, the FBI also requires the encryption keys .
THE COURT: Well, that could be, but I don't know that I need - - I don ' t know that I need to reach that because I've issued a search warrant for that .
MR. TRUMP : Correct, Your Honor. That the -- to avoid litigating this issue, we asked the Court to enter the seizure warrant.
THE COURT : Well, what I ' m saying is if he agrees that the pen register be established, and that the only thing he doesn't want to do in connection with the pen register is to give up the encryption device or code
MR. LEVISON : I've always maintained that .
THE COURT : -- so we ' ve got no issue here . You're ready to do that?
MR. LEVISON : I ' ve been ready to do that since Agent Howard spoke to me the first time .
THE COURT: All right . So that ends our --
MR . TRUMP : Well, then we have to inquire of Mr, Levison whether he ... Jill produce the encryption keys pursuant to the search warrant that Your Honor just signed.
THE COURT : But I can't deal with that this morning, can I?
MR . TRUMP : Well , it ' s the same issue . You could ask him, Your Honor . We can serve him with the warrant and ask him if he' 5 going to comply rather than - -
MR. LEVISON : Your Honor I've also been issued a subpoena demanding those same keys, which I brought with me in the event that we would have to address that subpoena .
THE COURT : I don't know, Mr . Trump . I don't think I want to get involved in asking him . You can talk with him and see whether he ' s going to produce them or not and let him tell you . But I don ' t think I ought to go asking what he's going to do and what he's not going to do because I can ' t take any action about it anyway . If he does not comply with the subpoena, there are remedies for that one way or another .
MR . TRUMP: Well, the original pen register order was followed by a compulsion order from Judge Buchanan . The compulsion order required the encr yption keys to be produced . So , yes, part of the show cause order is to require compliance both with the pen register order and the compulsion order issued by Judge Buchanan . And that order, which was attached to the show cause order, states, "To the extent any information, facilities, or technical assistance are under the control of Lavabit are needed to provide the FBI with the encrypted data, Lavabit shall provide such information, facilities, or technical assistance forthwith ."
MR. LEVISON : I would object to that statement . I don't know if I'm wording this correctly, but what was in that order to compel was a statement that was incorrect . Agent Howard seemed to believe that I had the ability to encrypt the e-mail content stored on our servers, which is not the case . I only have the keys that govern communications into and out of the network , and those keys are used to secure the traffic for all users, not just the user in question . So the statement in that order compelling me to decrypt stuff and Agent Howard stating that I have the ability to do that is technically false or incorrect. There was never an explicit demand that I turn over these keys .
THE COURT : I don't know what bearing that would have, would it? I mean, I don't have a problem -- Judge Buchanan issued an order in addition to mine, and I'm not sure I ought to be enforcing Judge Buchanan's order . July order, if he says that he will produce or allow the installation of the pen register, and in addition I have issued a search warrant for the codes that you want, which I did this morning, that's been entered, it seems that this issue is over as far as I'm concerned except I need to see that he allows the pen register and complies with the subpoena .
MR . TRUMP : Correct .
THE COURT: If he doesn't comply -- if he doesn't comply with the subpoena, then that has -- I have to address that.
MR . TRUMP : Right .
THE COURT: But right now there's nothing for me to address here unless he is not telling me correctly about the pen register .
MR. TRUMP: Well , we can -- Your Honor, if we can talk to Mr . Levison for five minutes, we can ask him whether he will honor the warrant that you just issued .
MR. LEVISON : Before we do that , can I - -
THE COURT : Well, what can I do about it if he doesn't, if he tells you he's not going to? You've got the right to go out and search and get it .
MR . TRUMP: Well, we can't get the information without his assistance . He's the only who knows and has possession of it . We can't take it from him involuntarily .
MR . LEVISON : If I may, sir, my other
THE COURT : Wait just a second . You're trying to get me ahead . You're trying to get me to deal with a contempt before there's any contempt , and I have a problem with that.
MR . TRUMP: I'm trying to avoid contempt altogether, Your Honor .
THE COURT: I know you are . And I'd love for you-all to get together and do that. I don't want to deal with it either. But I don't think we can sit around and agree that there's going to be a default and I will address it before it occurs.
MR . TRUMP: I'm just trying to figure out whether there's going to be a default . We'll take care of that, Judge .
THE COURT : You can . I think the way we've got to do this - - and I'll listen to you . I'm cutting you off, I know, but I'll listen to you in a minute. The way we have to do this, the hearing that's before me this morning on this issue of the pen register, that's been resolved, or so he's told me . I don't know whether you want to continue this one week and see if he complies with that, which I guess would be prudent to do, or a few days for him to comply with the pen register. Then we Hill wait and see what happens with the SUbpoena . Because as far as my pen register order is concerned, he says he's going to comply with it . So that issue's over and done with . The next issue will be ... whether or not he complies with the subpoena . And I don't know and I don't want to presume, and I don't want him to represent to me what he intends to do when he can very well go home and decide he's going to do something different. When that warrant is served, we'll know what he's going to do . I think we've got - - I don't see another way to do it .
MR . TRUMP : That's fine, Your Honor. We will serve the warrant on him as soon as we conclude this hearing, and we'll find out whether he will provide the keys or not .
On Thu, Oct 3, 2013 at 9:30 AM, Lance Cottrell <loki@obscura.com> wrote:
When architecting a system, it is critical that the operator of the system should not have access to the keys at all... ... Rule #1 don't store clear text. Rule #2 don't store decryption keys Rule #3 don't do decryption on the server Rule #4 treat all communications with people not implementing security on THEIR computers as insecure
some have suggested a rule #5: don't distribute updates automatically to your users and don't implement security critical functions in code that is delivered to the client via the server. i have yet to see a definitive case of a US company forced to include a backdoor in their software or forced to use their software update channel to deliver a CALEA/intercept friendly version of code to the targeted customer. to date all of these requests appear to be off the record rather than enforced via judicial motion. this is a shame, since out of date software itself poses significant risk, and is best resolved via automatic updates from the vendor.
Email security for systems designed to work with outsiders who don't use the tool are particularly problematic. The operator can use public keys to encrypt traffic as it arrives, but can easily be compelled to reveal the arriving clear text messages before encryption.
i'll avoid repeating my "email is for public communication" rant ;)
Is it the SSL certificate for the SMTP TLS that was being requested?... This is hardly highly secured content. The HTTPS sessions might reasonably be considered more sensitive and secure.
my reading of this sequence of motions is that at least five different keys were requested, which seems to imply _all_ SSL/TLS keys, including those for HTTPS sessions. e.g. they can request "pen register" information for web traffic! (we're a long way from just the dialed digits days...)
This, in my opinion, can make all US encryption, even US-based certificate authorities really untrustworthy. What is to stop them from getting GoDaddy to give up their root certificates with a NSL and a small legal justification?
We need to catch a CA which does this, for example using Certificate Transparency. Then handing over the CA private key is equivalent to committing company suicide. This means that 1. CAs will fight with all they've got 2. If corruption is successful, eliminates US CAs one by one until there are none left to compel.
some have suggested a rule #5: don't distribute updates automatically to your users and don't implement security critical functions in code that is delivered to the client via the server.
I don't think disabling auto-update is a good idea. What we need is secure auto update. This involves: 1) requiring multiple signatures on the update by people in different jurisdictions 2) Reproducible builds 3) A Certificate Transparency like log of all updates. I believe TOR is doing some work on points 1) and 2).
On Thu, Oct 3, 2013 at 12:24 PM, CodesInChaos <codesinchaos@gmail.com> wrote:
... I don't think disabling auto-update is a good idea. What we need is secure auto update.
agreed.
This involves: 1) requiring multiple signatures on the update by people in different jurisdictions 2) Reproducible builds 3) A Certificate Transparency like log of all updates.
I believe TOR is doing some work on points 1) and 2).
there are additional concerns regarding the implementation of updates and key management for the updates as well. see: http://www.cs.arizona.edu/stork/ http://www.cs.arizona.edu/stork/packagemanagersecurity/papers.html https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Thandy
[Man there's a lot of names from the old days on this list. Good to hear from you Lance :-] I think the take-away from this issue is CAs should issue certifictes on keys used for signing only. Say its a DSA, or ECDSA which is a damn good choice because it is not even directly possible to encrypt with it (*), and the key usage will be marked sign only, so there is no argument about its purpose. Then we disable any non-forward-secret ciphersuites (and forward secret ciphersuites are not coincidentally the only ciphersuites that work with a signing only server key). Then the only plausible reason to demand the signing key is to perform a MITM not to access "encrypted data". Firstly MITM is more work, and secondly theyd at that point just as well play nicely and ask the operator with a subpoena to hand over some info inside the SSL stream if there's anything useful in there. In some countries there are explicit legal protections for signature only keys. At best they subpoena could ask the operator to record the session keys via the SSL web server, however that feature is not present as far as I know. I also think the weak point with lavabit was probably the in-mail and out-mail, as with silentcircle, and I presume the reason silent circle disabled email (though they could have secured internal sc-sc mail using eg the same end2end secure messaging architcture they use for messaging). A further weak point of lavabit as I understand it is it was actually taking the password to the server!! So the user private key was in the server ram temporarily. Which is complete misdesign and makes you start to question Snowden's crypto tradecraft which up to that point was looking pretty damn strong from the news reports. Anyway signature only keys and forward-secrecy FTW already. About software updates, I think we've reached the point of multiple independent public interest code review bodies with signing authority together with the software vendor. The other thing with opensource it can be forked if the main vendor goes wrong or is coerced. You see this kind of reasoning with bitcoin foundation etc as its probably the highest open software assurance level on the planet protecting > $1bn in bearer bitcoin value :) The only possible exception to the coerced code change might be the hushmail thing thogh I am kind of fuzzy about what exactly did happen. There were two versions, one like lavabit (server has key temporarily) and one real end2end as I recall and one version of the story is it was the non-end2end one that got the user info info subpoenaed. Adam (*) Yes yes I know you could abuse DSA public key for another discrete encryption log algorithm, however such practice is considered risky to reuse an asymmetric key for two different algorithms in case there is a way to use one as an oracle to attack the other. On Thu, Oct 03, 2013 at 11:57:22AM -0700, coderman wrote:
On Thu, Oct 3, 2013 at 9:30 AM, Lance Cottrell <loki@obscura.com> wrote:
When architecting a system, it is critical that the operator of the system should not have access to the keys at all... ... Rule #1 don't store clear text. Rule #2 don't store decryption keys Rule #3 don't do decryption on the server Rule #4 treat all communications with people not implementing security on THEIR computers as insecure
some have suggested a rule #5: don't distribute updates automatically to your users and don't implement security critical functions in code that is delivered to the client via the server.
i have yet to see a definitive case of a US company forced to include a backdoor in their software or forced to use their software update channel to deliver a CALEA/intercept friendly version of code to the targeted customer. to date all of these requests appear to be off the record rather than enforced via judicial motion.
this is a shame, since out of date software itself poses significant risk, and is best resolved via automatic updates from the vendor.
participants (5)
-
Adam Back -
coderman -
CodesInChaos -
Kelly John Rose -
Lance Cottrell