[70102] in North American Network Operators' Group
Re: Buying and selling root certificates
daemon@ATHENA.MIT.EDU (Scott Francis)
Thu Apr 29 01:49:54 2004
Date: Wed, 28 Apr 2004 22:21:08 -0700
From: Scott Francis <darkuncle@darkuncle.net>
To: North American Noise and Off-topic Gripes <nanog@merit.edu>
Mail-Followup-To: North American Noise and Off-topic Gripes <nanog@merit.edu>
In-Reply-To: <019901c42daa$9daedef0$6401a8c0@stephen>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, Apr 29, 2004 at 12:02:44AM -0500, stephen@sprunk.org said:
>
> Thus spake "Robert E. Seastrom" <rs@seastrom.com>
> > Most of us who are willing to opportunistically do STARTTLS are using
> > self-signed certificates anyway. We do this for many reasons; chief
> > among the reasons I do so are:
> >
> > 1) More encrypted traffic running around the Internet is a _good thing_
>
> This is an oft-overlooked angle... If only sensitive information is
> encrypted, then the mere use of encryption makes one a target -- one buys a
> safe only if they have valuables to protect, right? However, if every home
> came with a safe, how would burglars figure out who to rob?
>
> The feds clearly have the power to get through or around encryption
> suspected criminals are using: the FBI reports that there have been _zero_
> cases nationwide over the past several years where the use of encryption has
> prevented them or other agencies from obtaining the evidence needed, even
> when "secure" tools like PGP, SSL, or IPsec are used.
<snip>
That assumes the FBI can be trusted to be honest about cases where encryption
successfully foiled their investigations. It is in their best interest, after
all, to have everyone, criminals included, think encryption is not worth
using (_especially_ if it is). :)
OTOH, the average criminal is probably about as smart as the average user,
which means the FBI wouldn't have to break the crypto, when they could just
guess the criminal's passphrase/password with a minimum of effort ...
(that said, I absolutely agree that more crypto everywhere, for both
important and trivial traffic, is essential to reducing the "unusual" nature
of such traffic. Crypto should be the default, not the exception.)
</wishful thinking>
--
Scott Francis | darkuncle(at)darkuncle(dot)net | 0x5537F527
Less and less is done
until non-action is achieved
when nothing is done, nothing is left undone.
-- the Tao of Sysadmin