[saag] CNN Says: Encryption a growing threat to security

Yoav Nir <ynir.ietf@gmail.com> Tue, 04 August 2015 06:41 UTC

To: Security Area Advisory Group <saag@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/eSkK-qr9PHjkAG1qxD0NI2gSCTI>

http://edition.cnn.com/2015/08/01/opinions/rogers-encryption-security-risk/index.html

If encryption is so dangerous to security, why does the US government use it so much?

Both the article and the video contain a bunch of nonsense, but I worry a lot about this kind of message being sent to the public by a trusted source such as CNN.

I think the worst of this is presenting the issue as if this “master key” scheme is in the interest of the public, whereas the only downside is the bottom line of corporations. So all those tech companies resisting such mandates are just heartlessly putting profits before the safety of the people. It’s a powerful message, and I’m afraid a lot of people, even well-educated ones, are buying it.

IMO key escrow with a private corporation is marginally worse than key escrow with the government, but both mean that we can’t trust the encryption. In the old Perry Mason novels, private detective Paul Drake would go to his friend at the phone company, slip him some money and get the phone records for whoever Perry Mason suspected. I guess in this brave new world that Mike Rogers is advocating the new Paul Drake would go to his friend at Google and get their TLS keys. In such a world, I don’t know if it’s prudent for my doctor to send me the result of my blood test over HTTPS, or for companies to move personnel records from one data center to another over the Internet. Back to a guy with a briefcase handcuffed to his wrist?

Yoav