[70099] in North American Network Operators' Group


Re: Buying and selling root certificates

daemon@ATHENA.MIT.EDU (Stephen Sprunk)
Thu Apr 29 01:28:11 2004

From: "Stephen Sprunk" <stephen@sprunk.org>
To: "Sean Donelan" <sean@donelan.com>,
	"Robert E. Seastrom" <rs@seastrom.com>
Cc: "North American Noise and Off-topic Gripes" <nanog@merit.edu>
Date: Thu, 29 Apr 2004 00:02:44 -0500
Errors-To: owner-nanog-outgoing@merit.edu


Thus spake "Robert E. Seastrom" <rs@seastrom.com>
> Most of us who are willing to opportunistically do STARTTLS are using
> self-signed certificates anyway.  We do this for many reasons; chief
> among the reasons I do so are:
>
>    1) More encrypted traffic running around the Internet is a _good thing_

This is an oft-overlooked angle...  If only sensitive information is
encrypted, then the mere use of encryption makes one a target -- one buys a
safe only if they have valuables to protect, right?  However, if every home
came with a safe, how would burglars figure out who to rob?

The feds clearly have the power to get through or around encryption
suspected criminals are using: the FBI reports that there have been _zero_
cases nationwide over the past several years where the use of encryption has
prevented them or other agencies from obtaining the evidence needed, even
when "secure" tools like PGP, SSL, or IPsec are used.  Unfortunately, one
must then assume that other, less honest parties have the same success rate,
and so the only defense is to make it impossible to determine _which_
traffic to decrypt and even who is talking to whom.

S

Stephen Sprunk        "Stupid people surround themselves with smart
CCIE #3723           people.  Smart people surround themselves with
K5SSS         smart people who disagree with them."  --Aaron Sorkin

