Windows guru requested - Securing Windows

Brian Gladman ukcrypto at chiark.greenend.org.uk
Thu, 08 Jun 2006 10:46:30 +0100 

Watkin Simon wrote:
>> From: Peter Fairbrother [mailto:zenadsl6186@zen.co.uk]
>> Sent: 07 June 2006 7:38 PM
>>
>> Today the UK Home Office announced the public consultation on the Code of
>> Practice of Part 3 of RIPA. This is the first stage of the process by
>> which
>> it can be brought into force. Part III of RIPA is the
>> "policeman-say-gimme-all-your-keys-or-go-to-jail-(and-don't-tell-anybody)"
>> law passed 6 years ago but not yet brought into force.
> 
> I think you mean
> "policeman-may-say-gimme-a-key-of-your-choice-to-make-sense-of-data-he-got-o
> r-about-to-get-(and-he-may-say-don't-tell-anyone-except-your-lawyer)".  Then
> again he's more likely to say, "I've got some data I know you can make sense
> of it, make sense of it".

Simon, I don't believe in blind trust when it comes to the security of
encryption keys on which my safety and security (or both) might depend.

If I am going to be asked to hand over such keys to _any_ other party, I
would expect, before handing them over, to be able to determine to _my_
satisfaction that the protection that will be offered to my keys by this
party will meet my needs as _I_ see them to be.

Have you released details of the procedural, technical and operational
processes that will be used for the handling and protection of seized
encryption keys?

If so can you please let us know where these details are available?

Unless I missed it, I did not see the unconditional and unconstrained
right of key owners to revoke their keys at any time, irrespective of
whether they are seized or are subject to seizure, had been recognised
in your proposals.

Nor did I see a clear statement indicating that the unqualified
revocation of a key subject to seizure did not constitute tipping off.

As you will remember, these matters were the subject of assurances that
were given during the passage of RIP through Parliament.

Did I miss coverage of these issues in what you have just released
(which I have not yet had time to read in detail)?

   Brian Gladman