Yeah, I don't want key escrow, but it does bother me that some vocal opponents appear to be encouraging an increase in state 0day usage as an alternative.
Replying to @taviso @idafanatic and
Do you think that they'll reduce state 0day usage if they have key escrow? They'll hoard 0days anyways, just because they don't know when the ones they have get known and therefore are "burnt". Also: there is no secure way of implementing escrow...
3 replies 1 retweet 1 like -
Yes. The high-end criminals will absolutely adapt to using encryption tools that are opaque to key escrow (see the recent arrests around PhantomSecure) and the government will go back to using 0days on them. Key escrow is for the dumb criminals.
1 reply 0 retweets 12 likes -
Replying to @matthew_d_green @N8Fear and
I think we agree that today, you can just use 0day to achieve, more or less, everything you would want to achieve with key escrow. It would bother me if you're arguing that is acceptable, because hoarding 0day puts people at risk.
2 replies 0 retweets 8 likes -
Replying to @taviso @matthew_d_green and
To be fair building in backdoors also puts people at risk.
1 reply 0 retweets 4 likes -
Replying to @rmhrisk @matthew_d_green and
Sure. I don't like key escrow, but arguing for more 0day hoarding as a substitute seems like arguing to protect the ideological purity of cryptography rather than less risk.
4 replies 0 retweets 1 like -
My point is that 0day hoarding is absolutely inevitable. No matter how many key escrow systems you mandate. There will always be an abundance of criminals that don’t use the key escrow system (which right now is as simple as downloading an app) or who just store data locally.
2 replies 1 retweet 15 likes -
Replying to @matthew_d_green @rmhrisk and
It's not inevitable at all, the government is big enough to move markets and a shift in policy can drastically change the risks people are exposed to. I'm not in favour of key escrow, but encouraging more government exploit usage is even worse.
2 replies 0 retweets 2 likes -
Replying to @taviso @matthew_d_green and
Let me clarify something, are you in favour of the *results* of key escrow (e.g. state access to private data), so long as something other than key escrow is used to achieve that?
3 replies 2 retweets 1 like -
Replying to @taviso @daveaitel and
i might be in the minority with this controversial opinion, but i would be in favour of eradicating the 0day market if it were an option — however, it is *tolerable* in comparison to key escrow systems because it's a law of nature and doesn't itself increase attack surface
1 reply 0 retweets 5 likes
interesting thanks, but the counter argument is that while it doesn't *increase* attack surface - a policy change (perhaps tweaking VEP, or something) can get vulnerabilities fixed that are being abused by adversaries. That is a positive thing, right?
Replying to @taviso @daveaitel and
key escrow isn't an alternative to 0days, so no government would give up their exploit capability:
- you can't target smart criminals that move to "illegal encryption"
- you lose other capabilities that aren't at all related to encrypted communications
1 reply 0 retweets 5 likes -
Replying to @saleemrash1d @daveaitel and
I know how 0days work, the question is whether it's acceptable to encourage increasing the adoption of exploitation in exchange for dropping attempts at building key escrow. I have a problem with that.
3 replies 0 retweets 0 likes - 29 more replies