Windows guru requested - Securing Windows

Peter Fairbrother ukcrypto at chiark.greenend.org.uk
Sat, 10 Jun 2006 19:19:42 +0100 

Brian Gladman wrote:

> Many keys cannot seriously be trusted since their owners are not
> themselves trustworthy. But over the years many of us have built up
> collections of keys by personal 'face to face' key exchange in such a
> way that we can equate trust in the key with trust in its owner.  But
> once you make these keys subject to seizure you are undermining the
> whole basis on which such trust networks are built.
> 
> In my view this is a very dangerous step to take since it is attacks the
> very trust on which the use and value of encryption depends.
> 
> This might also be a very risky step since the removal of trust in what
> we use now is almost certain to result in alternatives that will be far
> worse from a legal access point of view. I am hence worried that this is
> a 'crypto war' that will escalate in a way that could leave us worse off
> than if we simply leave things alone.


It will. 



I have war-gamed the crypto war quite a lot. I intensely dislike what would
have to be done in order for the privacy side to win it, but they would win.

For instance, I cannot write a law that retains both "beyond reasonable
doubt" and law enforcement access to material people wish to protect.

Actually I cannot write a law that gives unfettered access to protected
secrets at all, even with torture and mass surveillance. There is hope,
privacy will win in the end - or rather the tyranny will lose, they might
take the privacy faction with them and we will all be dead.

But it may be a long hard road, with much unnecessary nastiness along the
way.




That is what is being spawned here, Simon.




I noticed you/they avoided the 6/6/6 to begin it - by a single day.




>>> Nor did I see a clear statement indicating that the unqualified
>>> revocation of a key subject to seizure did not constitute tipping off.
>> 
>> Paragraph 10.12
> 
> Thanks, I did miss this.
> 
> We will need a wording here that makes it clear beyond doubt that
> revocations that allow an inference of key seizure to be drawn will not
> constitute tipping off.
> 
> That is a statement along the lines of "if I revoke this key I will
> always be prepared to give a reason if I am legally allowed to do so"
> combined with the answer "I cannot tell you why I have revoked this key"
> are not going to prove problematic.

Hmmm, I don't think you'll get that unless the first part is done before the
demand, and even then ...

        ... but perhaps: "I hereby repudiate key xxxx. I am legally
prevented from explaining (unable to explain) why." would be okay.

bit of a giveaway though, neh?


-- 
Peter Fairbrother