Speak of the Devil

Brian Puccio brian at brianpuccio.net
Sun May 21 09:38:51 UTC 2006

Hash: SHA1

On May 19, 2006, at 3:59 AM, Dan Mahoney, System Admin wrote:

> On Thu, 18 May 2006, Mike Perry wrote:
> I know warrants are difficult, but I come from a law enforcement  
> family.

Thanks to new breakthroughs in Constitutional interpretation, time  
consuming things like warrants are no longer needed.

> There's nothing stopping governments from logging the traffic  
> (possibly at a higher level, like the upstream level)

Very much like telephone calls.

> and then getting a subpoena for whatever key was used to encrypt it.

I'm sure that sending you off to some hidden prison around the world  
for a few months would convince one to hand over the key without a  

> The PROBLEM with this method is that once the length of the warrant  
> has expired, 99 percent of people out there DO NOT check CRL's.  I  
> myself am guilty of this.  I.e. once the government HAS your key,  
> they've got it for the lifetime of your cert -- and while you can  
> certainly retire that cert from use, there's no way to prevent the  
> now-compromised cert and key from being used creatively for the  
> remainder of the validity period.

This makes me rethink validity periods, how short is too long? If  
something expires in as little as a week, it can still be used for  
"creative" purposes for a few days. So I don't think that having an  
expiration does any good, CRLs are the way to go.

>> British govt just started pushing for Part III of RIPA citing
>> terrorism and kiddie porn as major reasons to require people to
>> disclose encryption keys...
>> http://arstechnica.com/news.ars/post/20060518-6870.html
>> Seems we may have a strong ally on our side on this one.  
>> International
>> bankers might not want the local police requiring them to hand over
>> keys either, though they certainly have enough political influence to
>> stop investigations before they start I'm sure...
>> The UK Crypto thread that spawned this article is here:
>> http://www.chiark.greenend.org.uk/pipermail/ukcrypto/2006-May/ 
>> 080742.html
>> One can only hope that the Bill of Rights is enough to keep this
>> bullshit out of the US, but who knows.
> --
> "Don't be so depressed dear."
> "I have no endorphins, what am I supposed to do?"
> -DM and SK, February 10th, 1999
> --------Dan Mahoney--------
> Techie,  Sysadmin,  WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144   AIM: LarpGM
> Site:  http://www.gushi.org
> ---------------------------

Version: GnuPG v1.4.3 (Darwin)


More information about the tor-talk mailing list