Re: IESG meeting thoughts

Nico Williams <> Fri, 20 May 2016 04:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5D3EC12D605 for <>; Thu, 19 May 2016 21:14:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id m5su3ZjgY27g for <>; Thu, 19 May 2016 21:14:04 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 83C6512B03C for <>; Thu, 19 May 2016 21:14:04 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id 0F031264098; Thu, 19 May 2016 21:14:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to;; bh=9epXXarjSOIRo4 PJ9AnaP313Kn8=; b=tz8BJkw+WRUb5XAOxFM4HZtvZsBUAyU2INAVSWB/kzEA/i vYF59+v5qElXNFGC7mEiDvyrOKhwyduko0AWDdpXXzgp6PS7gvQ/e2qjJLDO7KcU TqhCxrLgcyMjDjullPKytrReKz+SDAETUiyteIDY19BUWY+v6I2ZlyrnqCQMU=
Received: from localhost ( []) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id 6B2F3264057; Thu, 19 May 2016 21:14:03 -0700 (PDT)
Date: Thu, 19 May 2016 23:14:01 -0500
From: Nico Williams <>
To: Phillip Hallam-Baker <>
Subject: Re: IESG meeting thoughts
Message-ID: <20160520041400.GG19530@localhost>
References: <> <> <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <>
Cc: Michael Richardson <>, " list" <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 20 May 2016 04:14:06 -0000

On Tue, May 17, 2016 at 08:04:17PM -0400, Phillip Hallam-Baker wrote:
> Crypto doesn't actually solve any of your security problems. Not one,
> zilch, zero.
> What cryptography does is to reduce the size of your information security
> problem. It can reduce it in size from megabytes or even terrabytes to a
> 128 bit key or deciding whether or not to trust one of millions of Web
> sites to whether or not to trust the 50 WebPKI CAs (or ICANN if you are
> feeling really brave). But that is all cryptography does for you. It
> reduces the size of your security problem.
> You still have to work out how to keep that key secure or make sure you
> have the right trust anchor. Reducing problems in size is good but you
> still have to solve them.

Yes, indeed.  However, you can make HW that protects a small secret like
that really well, and that's what the dust up between the FBI and Apple
was about.  It turns out that Apple can make that HW even better, and
they even might.  The better that piece of hardware, the more expensive
to defeat it, the less likely it is that it will be defeated by
criminals -- and tyrants, but also legitimate state actors; HW and SW
doesn't know the difference.

Now, of course *convenience* is the achilles heel of any plan to secure
even a small secret.  Thus we see courts demanding that people unlock
their mobile devices (and why should this surprise anyone?  there's
nothing special about crypto in this regard).

But dead people don't care about convenience, which is how one murderous
terrorist bastard managed to single-handedly greatly increase the tempo
of the current crypto war.  One wonders whether that was their plan!

The important thing is to provide a clear and correct understanding of
the issues to the bureaucrats and politicians, and also of the
trade-offs implied by any proposed policy.  And the public too (but
that's much harder).