[Cryptography] "Ulysses pacts": better than "warrant canaries" ?
Peter Fairbrother
peter at m-o-o-t.org
Sun Sep 13 21:17:02 EDT 2015
On 13/09/15 15:58, Henry Baker wrote:
> FYI --
>
> "But technology gives us a new, stronger kind of Ulysses pact, one
> that takes the choice out of managements hands a self-enforcing
> self-destruct button, which has the potential to make some secret
> warrants totally useless: binary transparency."
"binary transparency" - the digital matching of updates (your clients
permit updates??! ?? you permit your clients to know each other??) - is
not a Ulysses pact or a self-enforcing self-destruct button, or a
replacement for warrant canaries.
These are different things.
Ulysses pacts etc are about warrants served on you, the server - binary
transparency is occasionally about warrants served on your software
supplier.
Occasionally a warrant might be served on you, to serve your clients
with a trojaned software - but binary transparency will not be something
you do which will allow them to detect it, it is up to the clients to
compare upgrades.
You will almost certainly be required by the warrant to do all you can
to prevent the client knowing is trojaned, eg provide him with fake hashes.
-- Peter Fairbrother
More information about the cryptography
mailing list