[Cryptography] Updates on Durov charges in France

[Phillip Hallam-Baker]

Information is starting to emerge that strongly suggests he arranged the
'arrest' with French counter-intelligence fearing imminent assassination.

The information may or may not be confirmed but I suggest we hold up on
calling out the cavalry till we here from Pavel himself. I am sure that if
he feels he is being persecuted, he will let us know.


The more important lesson to draw from this situation is that if you
develop any sort of communications application and give yourself the
ability to intercept *OR REDIRECT* calls, you are putting yourself in the
firing line of folk who have committed a large number of murders to achieve
their ends.

We understood this when we built VeriSign. Having the ability to control
the root key would put any individual at risk of being threatened or
coerced.


Everyone does end-to-end encryption these days but very few applications
have end to end trust. I know Signal has a rinky dink key confirmation
scheme but it is unusable and they undermine it themselves by changing the
key codes.

Every easy to use messaging scheme has the same problem, the keys are all
held in a dictionary controlled by the service and all Mallet has to do to
intercept communications between Alice and Bob is to tell Sally the service
provider to redirect them to his own key and he can MITM them.

This flaw doesn't worry me much as a user of Signal but it should worry
anyone working for Signal. The FSB committed a half dozen murders in the UK
that we know about and there are hundreds of cases where Russian foul play
is strongly suspected.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20240831/58a4b446/attachment.htm>