[Cryptography] Plan to End the Crypto War

james hughes hughejp at me.com
Fri Jan 8 13:46:54 EST 2016 

> On Jan 8, 2016, at 8:31 AM, John Levine <johnl at iecc.com> wrote:
> 
>> Looking at the whole process, why is a fragmented key is better than a single golden key?
> 
> I'd expect that, say, Apple would give a piece of the key to the
> governments of each country where they sell iphones.  If they all
> agree to read someone's messages, he must be really bad.

This would either not be used or create a collusion attack that would make it useless.

International cooperative policing is not the choice of governments in many, if not most, cases. Even if the UN could create such an agreement:  
The majority of “normal” non-FISA cases would overwhelm this process or turn it into a rubberstamp that can be easily gamed, Fail.
This would not meet FISA secrecy needs thus would not meet the government's needs.  Fail. 
the Iranians talk to a bunch of their friends and gets the majority of keys for Iranian customers. Unfettered access, no oversight, Fail. 
Even if it is deployed, Telling the USA that China wants to investigate a US citizen for espionage would never happen. None of the US allies would agree, nor would China want for any of the US allies to know.. This would lead to sets of “willing allies” by target to create a similar set of like minded ruberstamp for each target country… For instance, Targets in Russia would include pieces from US and EU, targets in USA would include pieces from China, Russia and their satellites, etc. Because of this, no country would agree to this. Again, fail. 
It is my opinion that secret splitting is a technology mathematically works, but the analysis can not stop at the math. A complete set of details of combination of human nature, governmental pressures, police processes must be considered along with all possible “gaming” of the system. 

My personal conjecture is that split golden key is no better than single golden key because any human process where the split key works, that process can be implemented around a single golden key. 

Susan Landau says "no legislation requiring exceptional access should be considered unless the particulars of the proposal — the technical particulars — are presented. Otherwise we would be mandating insecurity when what we need is just the opposite.” <https://www.lawfareblog.com/keys-under-doormats-mandating-insecurity> and, contrary to the opinions of many Mathematicians, “technical particulars” do not end at the math.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160108/6836a46d/attachment.html>

More information about the cryptography mailing list