CryptoSeal shutters, ala: LavaBit
Kelly John Rose
iam at kjro.se
Mon Oct 21 20:26:26 PDT 2013
Crazy idea.
Put the server into the hands of a third party outside of the US. Have
that 3rd party have total and absolute rights to the SSL root
certificate and your party to not have any capacity to force said party
to hand over the certificate. You use it, but you don't have any ability
to actually get access to it directly.
Crazy idea, but I wonder if there would be some way to make this work
where even if they tried to force you, you couldn't hand it over.
On 21/10/2013 11:09 PM, Kyle Maxwell wrote:
> On Mon, Oct 21, 2013 at 9:49 PM, Jim Bell <jamesdbell8 at yahoo.com> wrote:
>> The practice of shutting down a service in anticipation of the
>> government showing up and issuing a warrant (whether search- or
>> pen-register, or whatever) shows not merely a lack of guts, but also an
>> incredible lack of imagination. For example, I previously pointed out that
>> there is no longer any real basis for keeping records on the metadata
>> involved in in setting up a telephone call:
>
> So how do you propose that a provider perform SSL without keeping
> their private cert? And how should they respond when a court *orders*
> them to allow law enforcement or other agencies to install sniffers on
> their network? That's essentially what Lavabit faced.
>
> Also: it's easy to accuse someone of lacking guts or imagination, but
> I don't think any of these folks are shutting down services and even
> businesses without serious consideration of the costs involved -
> financial and otherwise.
>
> --
> @kylemaxwell
>
--
Kelly John Rose
Mississauga, ON
Phone: +1 647 638-4104
Twitter: @kjrose
Document contents are confidential between original recipients and sender.
More information about the cypherpunks
mailing list