Speak of the Devil

Brian Puccio brian at brianpuccio.net
Sun May 21 09:38:51 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On May 19, 2006, at 3:59 AM, Dan Mahoney, System Admin wrote:

> On Thu, 18 May 2006, Mike Perry wrote:
> I know warrants are difficult, but I come from a law enforcement  
> family.

Thanks to new breakthroughs in Constitutional interpretation,
time-consuming things like warrants are no longer needed.

> There's nothing stopping governments from logging the traffic  
> (possibly at a higher level, like the upstream level)

Very much like telephone calls.

> and then getting a subpoena for whatever key was used to encrypt it.

I'm sure that sending you off to some hidden prison around the world  
for a few months would convince one to hand over the key without a  
warrant.

> The PROBLEM with this method is that once the length of the warrant  
> has expired, 99 percent of people out there DO NOT check CRLs.  I  
> myself am guilty of this.  I.e. once the government HAS your key,  
> they've got it for the lifetime of your cert -- and while you can  
> certainly retire that cert from use, there's no way to prevent the  
> now-compromised cert and key from being used creatively for the  
> remainder of the validity period.

This makes me rethink validity periods: how short is too long? If
something expires in as little as a week, it can still be used for
"creative" purposes for a few days. So I don't think that having an
expiration does any good; CRLs are the way to go.

>> British govt just started pushing for Part III of RIPA citing
>> terrorism and kiddie porn as major reasons to require people to
>> disclose encryption keys...
>>
>> http://arstechnica.com/news.ars/post/20060518-6870.html
>>
>> Seems we may have a strong ally on our side on this one. International
>> bankers might not want the local police requiring them to hand over
>> keys either, though they certainly have enough political influence to
>> stop investigations before they start I'm sure...
>>
>> The UK Crypto thread that spawned this article is here:
>> http://www.chiark.greenend.org.uk/pipermail/ukcrypto/2006-May/080742.html
>>
>> One can only hope that the Bill of Rights is enough to keep this
>> bullshit out of the US, but who knows.
>>
>>
>
> --
>
> "Don't be so depressed dear."
>
> "I have no endorphins, what am I supposed to do?"
>
> -DM and SK, February 10th, 1999
>
> --------Dan Mahoney--------
> Techie,  Sysadmin,  WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144   AIM: LarpGM
> Site:  http://www.gushi.org
> ---------------------------
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFEcDUv/FtTOrvSQB8RAh92AJ0Zn+47PwwbxaXPfQYdI2Yfszk3vgCffwqL
RAfK6l4M8Xm60AnNj2q8kiI=
=kWOP
-----END PGP SIGNATURE-----



More information about the tor-talk mailing list