[113481] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: Death of antivirus software imminent

daemon@ATHENA.MIT.EDU (James A. Donald)
Fri Jan 18 10:51:45 2008

Date: Fri, 18 Jan 2008 19:35:57 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: Alex Alten <alex@alten.org>
CC: "Leichter, Jerry" <leichter_jerrold@emc.com>, 
 "Steven M. Bellovin" <smb@cs.columbia.edu>,
 dan@geer.org, cryptography@metzdowd.com
In-Reply-To: <4.3.2.7.1.20080111170151.03e13890@mail.alten.org>

Alex Alten wrote:
 > Generally any standard encrypted protocols will
 > probably eventually have to support some sort of CALEA
 > capability. For example, using a Verisign ICA
 > certificate to do MITM of SSL, or possibly requiring
 > Ebay to provide some sort of legal access to Skype
 > private keys.

And all the criminals will of course obey the law.

Why not just require them to set an evil flag on all
their packets?

 > If there is a 2nd layer of encryption then this would
 > require initial key exchanges that may be vulnerable
 > to interception or after-the-fact analysis of the
 > decrypted SSL payloads.

I guarantee I can make any payload look like any other
payload.  If the only permitted communications are
prayers to Allah, I can encode key exchange in prayers
to Allah.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post