Re: Speak of the Devil
-----BEGIN PGP SIGNED MESSAGE-----
On May 19, 2006, at 3:59 AM, Dan Mahoney, System Admin wrote:
On Thu, 18 May 2006, Mike Perry wrote:
I know warrants are difficult, but I come from a law enforcement
Thanks to new breakthroughs in Constitutional interpretation, time
consuming things like warrants are no longer needed.
There's nothing stopping governments from logging the traffic
(possibly at a higher level, like the upstream level)
Very much like telephone calls.
and then getting a subpoena for whatever key was used to encrypt it.
I'm sure that sending you off to some hidden prison around the world
for a few months would convince one to hand over the key without a
The PROBLEM with this method is that once the length of the warrant
has expired, 99 percent of people out there DO NOT check CRLs. I
myself am guilty of this. I.e. once the government HAS your key,
they've got it for the lifetime of your cert -- and while you can
certainly retire that cert from use, there's no way to prevent the
now-compromised cert and key from being used creatively for the
remainder of the validity period.
This makes me rethink validity periods, how short is too long? If
something expires in as little as a week, it can still be used for
"creative" purposes for a few days. So I don't think that having an
expiration does any good; CRLs are the way to go.
British govt just started pushing for Part III of RIPA citing
terrorism and kiddie porn as major reasons to require people to
disclose encryption keys...
Seems we may have a strong ally on our side on this one.
bankers might not want the local police requiring them to hand over
keys either, though they certainly have enough political influence to
stop investigations before they start I'm sure...
The UK Crypto thread that spawned this article is here:
One can only hope that the Bill of Rights is enough to keep this
bullshit out of the US, but who knows.
"Don't be so depressed dear."
"I have no endorphins, what am I supposed to do?"
-DM and SK, February 10th, 1999
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
-----END PGP SIGNATURE-----
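
The trade-off raised in this message (shorter validity periods versus CRL checking), worked through as an added example that is not part of the original thread. It is a simplified relying-party model using RFC 5280 field names; the dates, the daily CRL publication schedule, and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
@dataclass
class Cert:                       # only the fields the revocation logic needs
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass
class CRL:                        # RFC 5280 fields: thisUpdate, nextUpdate
    this_update: datetime
    next_update: datetime
    revoked: dict = field(default_factory=dict)    # serial -> revocationDate

def validate(cert, now, crl=None):
    """Relying-party decision; crl=None models a client that never checks CRLs."""
    if not (cert.not_before <= now <= cert.not_after):
        return "expired"
    if crl is None:
        return "accepted"
    if now > crl.next_update:
        return "crl-stale"        # hard-fail instead of trusting an old list
    if cert.serial in crl.revoked and crl.revoked[cert.serial] <= now:
        return "revoked"
    return "accepted"

def daily_crl(serial, revoked_at):
    """Assumed CA schedule: a fresh CRL at midnight, valid for 24 hours."""
    def crl_for(now):
        issued = datetime(now.year, now.month, now.day)
        listed = {serial: revoked_at} if revoked_at <= issued else {}
        return CRL(issued, issued + timedelta(days=1), listed)
    return crl_for

def exposure_hours(cert, compromised_at, crl_for=None):
    """Hours after compromise in which the stolen key's cert is still accepted."""
    hours, now = 0, compromised_at
    while now < cert.not_after:
        hours += validate(cert, now, crl_for(now) if crl_for else None) == "accepted"
        now += timedelta(hours=1)
    return hours

# Constructed scenario: key disclosed and revoked 2 days 6 hours after issuance.
T0 = datetime(2006, 5, 1)
LEAK = T0 + timedelta(days=2, hours=6)
YEAR = Cert(1, T0, T0 + timedelta(days=365))
WEEK = Cert(2, T0, T0 + timedelta(days=7))
for c in (YEAR, WEEK):
    print(c.serial, exposure_hours(c, LEAK), exposure_hours(c, LEAK, daily_crl(c.serial, LEAK)))
```

In this model a client that ignores CRLs keeps accepting the week-long certificate for 114 hours and the year-long one for 8706 hours after the disclosure, while a CRL-checking client stops after 18 hours in both cases, a window set by the CRL publication interval rather than by the validity period.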