I suppose my question is, to put it bluntly, are you willing to throw people trying to make exploitation harder under a bus to prevent key escrow?
I think some people are, which bothers me. If you're not, then we're probably on the same page (or at least the same chapter!)
Replying to @taviso @matthew_d_green and
How about a third option: Being OK with the idea that some data might never be accessible to police agencies, even if it means a guilty person might get away with a crime.
2 replies 1 retweet 6 likes -
Replying to @0xMatt @matthew_d_green and
I mean, that is implicitly one of the options, right? The option I'm not willing to accept is "we don't need key escrow, because you can just hoard more vulnerabilities", because I worry that is putting more people at risk.
1 reply 0 retweets 2 likes -
Replying to @Joshua_Brindle @0xMatt and
Not at all, it is absolutely a risk and I don't think key escrow is a good idea. The problem I have is anyone encouraging 0day as an alternative to key escrow. That seems like protecting the ideological purity of cryptography rather than reducing risk, and gov still has access.
0 replies 0 retweets 0 likes -
Replying to @Joshua_Brindle @0xMatt and
You're missing the point. You can take away exploits from other people by fixing vulnerabilities, so big players committing to hoarding less exploits forcibly reduces the number of exploits held by adversaries. That is why fixing bugs is good.
0 replies 0 retweets 0 likes -
Replying to @Joshua_Brindle @0xMatt and
Yes, because here's the thing about exploits - you can't stop other people using them against you, your allies, civilians, etc. That's why fixing them is a good thing, and hoarding them puts everyone at risk - including the hoarder.
0 replies 0 retweets 0 likes
Thanks! They're already supposed to be doing that, it's called the Vulnerability Equities Process, and is supposed to balance the risks. We can debate if it's working (I don't think so), but the point is there's an understanding there's a balance.