On Thu, Mar 28, 2013 at 7:27 PM, Jon Callas <j...@callas.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> [Not replied-to cryptopolitics as I'm not on that list -- jdcc]

Ditto.

> On Mar 28, 2013, at 3:23 PM, Jeffrey Goldberg <jeff...@goldmark.org> wrote:
>
>>> Do hardware manufacturers and OS vendors have alternate methods? For
>>> example, what if LE wanted/needed iOS 4's hardware key?
>>
>> You seem to be talking about a single iOS 4 hardware key. But each device
>> has its own. We don't know if Apple actually has retained copies of that.
>
> I've been involved in these sorts of questions in various companies that I've
> worked at. Let's look at it coolly and rationally.
>
> If you make a bunch of devices with keys burned in them, if you *wanted* to
> retain the keys, you'd have to keep them in some database, protect them,
> create access controls and procedures so that only the good guys (to your
> definition) got them, and so on. It's expensive.
>
> You're also setting yourself up for a target of blackmail. Once some bad guy
> learns that they have such a thing, they can blackmail you for the keys they
> want lest they reveal that the keys even exist. Those bad guys include
> governments of countries you operate or have suppliers in, mafiosi, etc.
> Heck, once some good guy knows about it, the temptation to break protocol on
> who gets keys when will be too great to resist, and blackmail will happen.
>
> Eventually, so many people know about the keys that it's not a secret. Your
> company loses its reputation, even among the sort of law-and-order types who
> think that it's good for *their* country's LEAs to have those keys because
> they don't want other countries having those keys. Sales plummet. Profits
> drop. There are civil suits, shareholder suits, and most likely criminal
> charges in lots of countries (because while it's not a crime to give keys to
> their LEAs, it's a crime to give them to that other bad country's LEAs).
> Remember, the only difference between lawful access and espionage is whose
> jurisdiction it is.
>
> On the other hand, if you don't retain the keys it doesn't cost you any money
> and you get to brag about how secure your device is, selling it to customers
> in and out of governments the world over.
>
> Make the mental calculation. Which would a sane company do?

All excellent, well-articulated points. I guess that means that RSA Security is an insane company then, since that's pretty much what they did with the SecurID seeds. Inevitably, it cost them a boatload too.

We can only hope that Apple and others learn from these mistakes. OTOH, if Apple thought they could make a hefty profit by selling to LEAs or "friendly" governments, that might change the equation enough to tempt them. Of course, that's doubtful, but stranger things have happened.

-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We *cause* accidents." -- Nathaniel Borenstein

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography