BBCR4 on Crypto-wars today at 13:30
zenadsl6186 at zen.co.uk
Thu Mar 20 22:46:46 GMT 2014
On 18/03/14 10:25, Caspar Bowden (lists) wrote:
> On 03/17/14 15:52, Peter Fairbrother wrote:
>> "The Levinson case goes to the heart of a fundamental clash between
>> two opposing sides - there are those who want our electronic
>> communications to be entirely private, so that absolutely no-one apart
>> from the recipient can know what's benig said. Set against them are
>> those who think the State should be able to get access, for instance
>> when it says it's investigating crime or protecting national security.
>> I think that's it in a nutshell - and on that basis, with the demands
>> for keys in RIPA we lost the crypto wars in the UK.
> The trouble is that states the problem without the context of the UK
> being in forefront to neutralize civilian crypto last 20 years, and the
> drawbacks and hinterland of every policy option
I disagree - and I think it really is quite simple. The state should not
have any right to know what's being said.
No "it's okay with a warrant". No "we need to do it for xyz reason".
Now that is not saying that the state can't try - just that it has no
right to succeed.
Because if it has such a right, it's like it's saying "bend over, so we
can stick it up you if we want to".
And then we all have to bend over.
>> BTW, why do you think the Darkmail effort is doomed? I kinda agree,
>> but I'd like to know what you think.
> I don't know what they are doing, but shouldn't trust crypto against
> decryption powers unless trust platform+binary+source+keymat resilient
> to those powers
I'd go with trust platform to start, the rest can come in time. assuming
free and open-source, that is - which is a bit problematic here, some of
the protagonists seem to be more into making money these days. Sadly,
that seems to include Mr Zimmerman :(
As to free and open-source, if it isn't both then Waasseennaar (I can
never remember where the double letters go) still applies.
> Confidentiality is orthogonal to what an email service provider can
> provide (but a special network service might provide anonymity)
I think it can do both - in fact I know it can, and how to do it, but
whether it gets adopted is another matter.
Heck, does it matter if newsupersecureemail runs on email, http, ftp,
whatever? You'll have to write the clients anyway, what matters is what
they look like to the users.
eg, what happens if someone sends you an unencrypted email on your
-- Peter Fairbrother
More information about the ukcrypto