[70104] in North American Network Operators' Group
Re: Buying and selling root certificates
daemon@ATHENA.MIT.EDU (Robert M. Enger)
Thu Apr 29 06:10:14 2004
Date: Thu, 29 Apr 2004 14:04:40 +0400
To: Iljitsch van Beijnum <iljitsch@muada.com>,
"Stephen Sprunk" <stephen@sprunk.org>
From: "Robert M. Enger" <enger@comcast.net>
Cc: North American Noise and Off-topic Gripes <nanog@merit.edu>
In-Reply-To: <5B670096-99AC-11D8-989E-000A95CD987A@muada.com>
Errors-To: owner-nanog-outgoing@merit.edu
At 11:10 AM 4/29/2004, Iljitsch van Beijnum wrote:
>On 29-apr-04, at 7:02, Stephen Sprunk wrote:
>
>>The feds clearly have the power to get through or around encryption
>>suspected criminals are using: the FBI reports that there have been _zero_
>>cases nationwide over the past several years where the use of encryption has
>>prevented them or other agencies from obtaining the evidence needed, even
>>when "secure" tools like PGP, SSL, or IPsec are used.
>
>I have a hard time believing this...
>
>So what do they do? Send a team in to retrieve the key from your system?
>Borrow some CPU time from the NSA?
They secretly enter your house and put a hardware monitor on your keyboard
to collect your passphrase as you type it in.
http://www.wired.com/news/privacy/0,1848,49455,00.html
If you use the NSA, then you can't prosecute. The NSA won't testify in
court, because they won't divulge what their true capabilities are.
So, you only use the NSA when the knowledge is more important than being
able to prosecute.
Maybe this will cut down on unemployment a little:
The Watergate burglars now have job opportunities :-)
