The best part of the “going dark” debate is that we have to pretend sophisticated attacks by nation-states and criminals are some kind of Gibsonian sci-fi fantasy. It’s 2019. There’s a multi-billion dollar industry around attacking phone security systems. https://www.fastcompany.com/90307864/u-s-fund-sells-israeli-hacking-firm-nso-group-amid-spy-mystery …
Replying to @matthew_d_green @rmhrisk
As a thought experiment, if you had to choose between a key escrow system accessible to due process (with all the risks you've spelled out) xor eliminating criminal/state access to 0day exploits, which would you choose? (I'm not making a point, just curious about your position).
I would ban state-sponsored key escrow and accept 0-day. Criminals do far less systematic damage than authoritarian states do. It’s also possible to defend against 0-day. Nothing can be done to prevent abuse of key escrow, and no way to see it being used.
Interesting, but not sure I understand the "no way to see it" point, presumably it would require a legal paper trail and audited access (the same way the signing keys are stored in an HSM today, for example).
Also the type of authentication that is done by a CA is far easier to implement (prove you control the thing you want access to) vs. prove you are a representative of an organization that is part of a government that is authorized to get unfettered access to someone else’s info.
Despite this, a large majority of the mis-issuance by CAs is a result of human error; it’s a significant percentage of issuance too. Importantly, far less is at risk in that system also.
Very true, but we have also had package signing infrastructure compromised (e.g. Microsoft, Red Hat, Debian, Adobe) and that's what we rely on today. So I don't see this as a significant increase in risk, I take it you disagree?
I do disagree; it’s much easier for Microsoft to authenticate the entitlement of their employee than it is for them to authenticate the entitlement of a person in an entity that has government affiliation that is authorized by that government to decrypt your device; ...
both involve human processes that need not fail, but one is a plausible risk that can be reduced substantially; the other is effectively unbounded.
Hmm, I suppose it's a matter of opinion, we have good data that CA and package signing infrastructure has been compromised and abused. It's not obvious to me that one is easier to get right than the other.