Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Feds put heat on Web firms for master encryption keys

Tom Ritter tom at ritter.vg
Thu Jul 25 05:54:58 PDT 2013


On 25 July 2013 06:41, Ben Laurie <ben at links.org> wrote:
> What helps here is perfect forward secrecy.

Only so long as the exact same web companies can _also_ justify not
giving up the secrets on the backend.  IANAL obviously, but as we saw
in the compelled encryption keys for hard drives, the government chose
the very intelligent tact of not demanding the key, but rather access
to the decrypted content.  If this was argued in court, and they made
the same argument, ant the government won... well, it might make PFS
useless too.  (The company choosing to either not use PFS so they
don't have to modify their SSL terminators, or making the modification
and handing the premaster secret over).   I, personally, would not
feel confident in PFS keeping the government out of the SSL stream if
I suspected the SSL keys were being handed over.

> BTW, better alternative to Convergence: Certificate Transparency -
> http://tools.ietf.org/html/rfc6962.

Only in an architectural sense - in a year we might have Chrome
enforcing CT for specific CAs, and in a couple of years to ten years,
we might have CT applying to all CAs in a trust store*.  You can use
Convergence today.

-tom

* This is obviously wild speculation about plans from someone who has
no idea what Chrome is planning, talking to someone who does, but
probably can't talk about it publicly yet.



More information about the liberationtech mailing list