[Cryptography] "Ulysses pacts": better than "warrant canaries" ?

Peter Fairbrother peter at m-o-o-t.org
Sun Sep 13 21:17:02 EDT 2015

On 13/09/15 15:58, Henry Baker wrote:
> FYI --
> "But technology gives us a new, stronger kind of Ulysses pact, one
> that takes the choice out of management’s hands — a self-enforcing
> self-destruct button, which has the potential to make some secret
> warrants totally useless: binary transparency."

"binary transparency" - the digital matching of updates (your clients 
permit updates??! ?? you permit your clients to know each other??) - is 
not a Ulysses pact or a self-enforcing self-destruct button, or a 
replacement for warrant canaries.

These are different things.

Ulysses pacts etc are about warrants served on you, the server - binary 
transparency is occasionally about warrants served on your software 

Occasionally a warrant might be served on you, to serve your clients 
with a trojaned software - but binary transparency will not be something 
you do which will allow them to detect it, it is up to the clients to 
compare upgrades.

You will almost certainly be required by the warrant to do all you can 
to prevent the client knowing is trojaned, eg provide him with fake hashes.

-- Peter Fairbrother

More information about the cryptography mailing list