[113199] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: Death of antivirus software imminent

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Jan 14 18:48:05 2008

Date: Mon, 14 Jan 2008 22:49:07 +0000
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Alex Alten <alex@alten.org>
Cc: "Leichter, Jerry" <leichter_jerrold@emc.com>, dan@geer.org,
 cryptography@metzdowd.com
In-Reply-To: <4.3.2.7.1.20080111170151.03e13890@mail.alten.org>

On Fri, 11 Jan 2008 17:32:04 -0800
Alex Alten <alex@alten.org> wrote:


> 
> Generally any standard encrypted protocols will probably eventually
> have to support some sort of CALEA capability. For example, using a
> Verisign ICA certificate to do MITM of SSL, or possibly requiring
> Ebay to provide some sort of legal access to Skype private keys.  

...
> 
> >This train left the station a *long* time ago.
> 
> So it's not so clear that the train has even left the station.
> 
You've given a wish list but you haven't explained why you think it
will happen.  The US government walked away from the issue years ago,
when the Clipper chip effort failed.  Even post-9/11, the Bush
administration chose not to revisit the question.

The real issue, though, is technical rather than political will.  CALEA
is a mandate for service providers; key escrow is a requirement on the
targets of the surveillance.  The bad guys won't co-operate...

		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post