CryptoSeal shutters, ala: LavaBit

Kelly John Rose iam at kjro.se
Mon Oct 21 21:05:21 PDT 2013


No. You receive the data over an ssl encrypted stream just like everyone
else. It just is that no one can get the private key to mitm everything and
get all data for all users.

On Monday, October 21, 2013, Ted Smith wrote:

> ...so the third party decrypts your traffic for you and sends you
> plaintext?
>
> On Mon, 2013-10-21 at 23:26 -0400, Kelly John Rose wrote:
> > Crazy idea.
> >
> > Put the server into the hands of a third party outside of the US. Have
> > that 3rd party have total and absolute rights to the SSL root
> > certificate and your party to not have any capacity to force said party
> > to hand over the certificate. You use it, but you don't have any ability
> > to actually get access to it directly.
> >
> > Crazy idea, but I wonder if there would be some way to make this work
> > where even if they tried to force you, you couldn't hand it over.
> >
> > On 21/10/2013 11:09 PM, Kyle Maxwell wrote:
> > > On Mon, Oct 21, 2013 at 9:49 PM, Jim Bell <jamesdbell8 at yahoo.com<javascript:;>>
> wrote:
> > >>     The practice of shutting down a service in anticipation of the
> > >> government showing up and issuing a warrant (whether search- or
> > >> pen-register, or whatever) shows not merely a lack of guts, but also
> an
> > >> incredible lack of imagination.  For example, I previously pointed
> out that
> > >> there is no longer any real basis for keeping records on the metadata
> > >> involved in in setting up a telephone call:
> > >
> > > So how do you propose that a provider perform SSL without keeping
> > > their private cert? And how should they respond when a court *orders*
> > > them to allow law enforcement or other agencies to install sniffers on
> > > their network? That's essentially what Lavabit faced.
> > >
> > > Also: it's easy to accuse someone of lacking guts or imagination, but
> > > I don't think any of these folks are shutting down services and even
> > > businesses without serious consideration of the costs involved -
> > > financial and otherwise.
> > >
> > > --
> > > @kylemaxwell
> > >
> >
>
> --
> Sent from Ubuntu
>


-- 
Kelly John Rose
Toronto, ON
Phone: +1 647 638-4104
Twitter: @kjrose
Skype: kjrose.pr
Gtalk: iam at kjro.se
MSN: msn at kjro.se

Document contents are confidential between original recipients and sender.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3034 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20131022/e46a2b6d/attachment-0001.txt>


More information about the cypherpunks mailing list