BBCR4 on Crypto-wars today at 13:30

Peter Fairbrother zenadsl6186 at
Thu Mar 20 22:46:46 GMT 2014

On 18/03/14 10:25, Caspar Bowden (lists) wrote:
> On 03/17/14 15:52, Peter Fairbrother wrote:
>> ...
>> "The Levison case goes to the heart of a fundamental clash between
>> two opposing sides - there are those who want our electronic
>> communications to be entirely private, so that absolutely no-one apart
>> from the recipient can know what's being said. Set against them are
>> those who think the State should be able to get access, for instance
>> when it says it's investigating crime or protecting national security.
>> I think that's it in a nutshell - and on that basis, with the demands
>> for keys in RIPA we lost the crypto wars in the UK.
> The trouble is that states the problem without the context of the UK
> being in forefront to neutralize civilian crypto last 20 years, and the
> drawbacks and hinterland of every policy option

I disagree - and I think it really is quite simple. The state should not 
have any right to know what's being said.


No "it's okay with a warrant". No "we need to do it for xyz reason".

Now that is not saying that the state can't try - just that it has no 
right to succeed.

Because if it has such a right, it's like it's saying "bend over, so we 
can stick it up you if we want to".

And then we all have to bend over.

>> ...
>> BTW, why do you think the Darkmail effort is doomed? I kinda agree,
>> but I'd like to know what you think.
> I don't know what they are doing, but shouldn't trust crypto against
> decryption powers unless trust platform+binary+source+keymat resilient
> to those powers

I'd go with trust platform to start, the rest can come in time. Assuming
free and open-source, that is - which is a bit problematic here, some of 
the protagonists seem to be more into making money these days. Sadly, 
that seems to include Mr Zimmermann :(

As to free and open-source, if it isn't both then Waasseennaar  (I can 
never remember where the double letters go) still applies.

> Confidentiality is orthogonal to what an email service provider can
> provide (but a special network service might provide anonymity)

I think it can do both - in fact I know it can, and how to do it, but 
whether it gets adopted is another matter.

Heck, does it matter if newsupersecureemail runs on email, http, ftp, 
whatever? You'll have to write the clients anyway, what matters is what 
they look like to the users.

eg, what happens if someone sends you an unencrypted email on your 
encrypted service?

-- Peter Fairbrother
