To be fair, building in backdoors also puts people at risk.
Replying to @rmhrisk @matthew_d_green and
Sure. I don't like key escrow, but arguing for more 0day hoarding as a substitute seems like arguing to protect the ideological purity of cryptography rather than less risk.
4 replies 0 retweets 1 like -
My point is that 0day hoarding is absolutely inevitable. No matter how many key escrow systems you mandate. There will always be an abundance of criminals that don’t use the key escrow system (which right now is as simple as downloading an app) or who just store data locally.
2 replies 1 retweet 15 likes -
Replying to @matthew_d_green @rmhrisk and
It's not inevitable at all, the government is big enough to move markets and a shift in policy can drastically change the risks people are exposed to. I'm not in favour of key escrow, but encouraging more government exploit usage is even worse.
2 replies 0 retweets 2 likes -
Replying to @taviso @matthew_d_green and
Let me clarify something, are you in favour of the *results* of key escrow (e.g. state access to private data), so long as something other than key escrow is used to achieve that?
3 replies 2 retweets 1 like -
Replying to @taviso @daveaitel and
i might be in the minority with this controversial opinion, but i would be in favour of eradicating the 0day market if it were an option — however, it is *tolerable* in comparison to key escrow systems because it's a law of nature and doesn't itself increase attack surface
1 reply 0 retweets 5 likes -
Replying to @saleemrash1d @daveaitel and
interesting thanks, but the counter argument is that while it doesn't *increase* attack surface - a policy change (perhaps tweaking VEP, or something) can get vulnerabilities fixed that are being abused by adversaries. That is a positive thing, right?
1 reply 0 retweets 1 like -
Replying to @taviso @daveaitel and
key escrow isn't an alternative to 0days, so no government would give up their exploit capability:
- you can't target smart criminals that move to "illegal encryption"
- you lose other capabilities that aren't at all related to encrypted communications
1 reply 0 retweets 5 likes -
Replying to @saleemrash1d @daveaitel and
I know how 0days work, the question is whether it's acceptable to encourage increasing the adoption of exploitation in exchange for dropping attempts at building key escrow. I have a problem with that.
3 replies 0 retweets 0 likes -
Replying to @taviso @daveaitel and
but no one is encouraging an increase in the adoption of exploitation — it will happen whether or not we want it to, and it will happen whether or not we build a key escrow system.
1 reply 0 retweets 2 likes
Tavis Ormandy Retweeted qwertyoruiop
Multiple people are arguing that, how else should I interpret this? https://twitter.com/qwertyoruiopz/status/1205941285162536960 …
Replying to @taviso @daveaitel and
Saleem Rashid Retweeted qwertyoruiop
your thought experiment was "0day XOR key escrow" and he went firmly for "0day, NOT key escrow"? that isn't the same as pushing for increased 0day usage, especially given this: https://twitter.com/qwertyoruiopz/status/1205943007599628295 …