nanog mailing list archives
Re: Buying and selling root certificates
From: Valdis.Kletnieks () vt edu
Date: Thu, 29 Apr 2004 11:03:24 -0400
On Thu, 29 Apr 2004 00:02:44 CDT, Stephen Sprunk said:
The feds clearly have the power to get through or around encryption suspected criminals are using: the FBI reports that there have been _zero_ cases nationwide over the past several years where the use of encryption has prevented them or other agencies from obtaining the evidence needed, even when "secure" tools like PGP, SSL, or IPsec are used.
Have to read those stats *very* carefully. What the FBI report actually *says* is that there were zero cases where they didn't eventually get the information they were looking for. That's a very clever use of spin control. :) Remember - in the Scarfo case, they eventually got the info - after resorting to multiple black-bag jobs. I'm sure there were other cases where they got the info via bribery, informants, and plea-bargains, and I'd be very surprised if there were zero cases of rubber-hose crypto. Yes, a *very* well funded and determined adversary can beat crypto (almost always by doing an end run around it). However, raising the bar to that level will eliminate all the successful attacks by lesser adversaries, and can also contribute to the bankrupting of the well-funded - even the FBI can afford only a few Scarfo-scale cases a year...
Attachment:
_bin
Description:
Current thread:
- Buying and selling root certificates Sean Donelan (Apr 28)
- Re: Buying and selling root certificates Robert E. Seastrom (Apr 28)
- Re: Buying and selling root certificates Stephen Sprunk (Apr 28)
- Re: Buying and selling root certificates Scott Francis (Apr 28)
- Re: Buying and selling root certificates Iljitsch van Beijnum (Apr 29)
- Re: Buying and selling root certificates Robert M. Enger (Apr 29)
- Re: Buying and selling root certificates David Lesher (Apr 29)
- Re: Buying and selling root certificates Stephen Sprunk (Apr 29)
- Re: Buying and selling root certificates Valdis . Kletnieks (Apr 29)
- Re: Buying and selling root certificates David Lesher (Apr 29)
- Re: Buying and selling root certificates Stephen Sprunk (Apr 28)
- Re: Buying and selling root certificates Robert E. Seastrom (Apr 28)
- Re: Buying and selling root certificates Randy Bush (Apr 28)
- Re: Buying and selling root certificates David Lesher (Apr 28)
- THe Internet is Too Secure Already (was Re: Buying and selling root certificates) Sean Donelan (Apr 28)
- Spam handling joe (Apr 28)
- Re: Spam handling Doug White (Apr 28)
- Re: Spam handling Gregh (Apr 28)
- Message not available
- Re: Spam handling Gregh (Apr 28)
- Re: Spam handling joe (Apr 28)