[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CryptoSeal shutters, ala: LavaBit

To: [email protected]
Subject: CryptoSeal shutters, ala: LavaBit
From: [email protected] (Bill Stewart)
Date: Tue, 22 Oct 2013 02:11:21 -0700
In-reply-to: <[email protected] mail.com>
References: <CAD2Ti28ibJ6=yJnUekw7ww989rAp+Kw+gJ4fgAtpve4JzgcDjA@mail.gmail.com> <[email protected]> <CAESvgEpewmePn+GHuFuWjhkpCJOy23aPuW8R1k+BTyfHxjMsXw@mail.gmail.com> <CAJVRA1T922+9-i=bVKYjcEX=XqwOGaet-5cFPw06LrFfmWDW4A@mail.gmail.com>

 >>> Third-party outside the US
Why should a customer buy from you instead of directly from the non-US party?
If you can find a way to only have service compromised if you're BOTH 
compromised, that might let you add some value, but otherwise you're 
just a consultant.

>enforce forward secrecy, allow no non-forward secret suites. this is critical.

Absolutely.

>problem solved..
>  ...they will however treat this as contempt of court - the escalation
>would be infinitely interesting!

If your certificate is for signatures only (e.g. on DH keyparts), not 
for encryption,
you've got a much stronger case to make in court.
And it's much tougher for them to argue "contempt" if you do have to 
cave and give them
your signature key but then generate a new one and start using it,
as long as you don't destroy the old one (which would potentially be 
destroying evidence.)
The question is whether they can force you to retain the DH keyparts.

References:
- CryptoSeal shutters, ala: LavaBit
  - From: [email protected] (grarpamp)
- CryptoSeal shutters, ala: LavaBit
  - From: [email protected] (Jim Bell)
- CryptoSeal shutters, ala: LavaBit
  - From: [email protected] (Kyle Maxwell)
- CryptoSeal shutters, ala: LavaBit
  - From: [email protected] (coderman)

Prev by Date: Enigmabox releases source
Next by Date: Undernet IPv6 Interop [was: Enigmabox/cjdns]
Previous by thread: CryptoSeal shutters, ala: LavaBit
Next by thread: CryptoSeal shutters, ala: LavaBit
Index(es):
- Date
- Thread