[70108] in North American Network Operators' Group
Re: Buying and selling root certificates
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Apr 29 11:04:12 2004
To: Stephen Sprunk <stephen@sprunk.org>
Cc: North American Noise and Off-topic Gripes <nanog@merit.edu>
In-Reply-To: Your message of "Thu, 29 Apr 2004 00:02:44 CDT."
<019901c42daa$9daedef0$6401a8c0@stephen>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 29 Apr 2004 11:03:24 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_-324549408P
Content-Type: text/plain; charset=us-ascii
On Thu, 29 Apr 2004 00:02:44 CDT, Stephen Sprunk said:
> The feds clearly have the power to get through or around encryption
> suspected criminals are using: the FBI reports that there have been _zero_
> cases nationwide over the past several years where the use of encryption has
> prevented them or other agencies from obtaining the evidence needed, even
> when "secure" tools like PGP, SSL, or IPsec are used.
Have to read those stats *very* carefully. What the FBI report actually
*says* is that there were zero cases where they didn't eventually get
the information they were looking for. That's a very clever use of spin control. :)
Remember - in the Scarfo case, they eventually got the info - after resorting
to multiple black-bag jobs. I'm sure there were other cases where they got the
info via bribery, informants, and plea-bargains, and I'd be very surprised if
there were zero cases of rubber-hose crypto.
Yes, a *very* well funded and determined adversary can beat crypto (almost
always by doing an end run around it). However, raising the bar to that level
will eliminate all the successful attacks by lesser adversaries, and can also
contribute to the bankrupting of the well-funded - even the FBI can afford only
a few Scarfo-scale cases a year...
--==_Exmh_-324549408P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFAkRk8cC3lWbTT17ARAlFwAJ9hgFexNlfM8h7JOhBi2E8P1CQxfgCgsb3y
QoqlDffAWojqWU62qoomPpw=
=YfVj
-----END PGP SIGNATURE-----
--==_Exmh_-324549408P--
