[Cryptography] hard to trust all those root CAs

Bill Frantz frantz at pwpconsult.com
Wed Jul 23 22:39:18 EDT 2014


On 7/23/14 at 2:48 PM, jsd at av8n.com (John Denker) wrote:

>On 07/23/2014 02:30 PM, Bill Frantz wrote:
>>
>>I assume that all my email is as private as messages to this list.
>[....]
>>The one time I actually thought I was having a private conversation was in a cave
>
>
>...
>
>To say the same thing in less sarcastic terms:  We had better 
>do whatever it takes to make sure that assumption does not 
>become true.

I fully agree, which is why I contribute to this list.

But the flaws in our computer systems, protocols, and 
procedures, coupled with our failure to use what we have, make 
the assumption of complete openness the only safe assumption.

I personally don't worry about NSA too much. Revealing what they 
can gather from my electronic world isn't worth the cost of 
revealing the extent of their spying. As a US person, I worry 
much more about foreign intelligence agencies. They are 
attempting to undermine US companies which I depend on 
economically. Helping these companies keep secrets from them is 
in my best interests.


>This affects many different aspects of life.  -- Baseball would 
>be a very different game if the batter could crack the 
>communication between catcher and pitcher,
>and if the pitcher could crack the "bunt" and "steal"
>signs, et cetera.

I think there are examples on record of these signals being intercepted.


>-- Poker would be a verrrry different game if all the cards
>were transparent.

I agree, it probably wouldn't be played at all.


>-- I take this personally, because most of my adult life
>has been spent doing R&D.  Almost every dollar I ever
>earned was predicated on the idea that my work conferred
>some competitive advantage to the company that I owned
>and/or worked for.  It would be hard to have any kind of 
>intellectual property, or any kind of competition at all,
>if everything becomes an open book.

Fortunately, information transfer, particularly the results of 
R&D, is much more complex than just reading correspondence 
between developers. In real world cases, it frequently takes 
hours/days/weeks of one-on-one teaching to transfer the ideas.

Trade secrets are in trouble in a completely open world, 
although there is still some legal protection if a trade secret 
is stolen. Patents, copyrights, and trademarks can continue 
unscathed. Those are the four kinds of legal IP I know of.

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        |"We used to quip that "password" is the most common
408-356-8506       | password. Now it's 'password1.' Who said users haven't
www.pwpconsult.com | learned anything about security?" -- Bruce Schneier


