On 08/05/2013 02:07 PM, Richard Pieri wrote:
Flawed cryptography is useless. Good cryptography may be useless when one of your foes is responsible for approving and endorsing the encryption systems you use.
Flawed crypto is of little use if they are specifically after *you* (particularly if they know they are after you before you send your messages). But they probably are not after you, not really. Rather they lazy-ass are after *everyone*, and recent revelations are that they are tapping everyone by getting copies of data when it is in the clear.
Requiring them to take active measures in advance of the communication (MitM attacks) or even afterwards (human intervention) harms their economics *enormously*. Orders of magnitude.
Granted, good crypto is obviously better. No one would dispute that. But they are getting a nearly complete copy of what they are looking for because they are tapping it in the clear, because we are using essentially no end-to-end crypto. They get 99.99%+ of what they want without any crypto effort. Our monoculture of standardized plaintext makes their job *so* much easier.
Let's make it harder. Yes, a web of trusted certificates is hard to make air tight. Okay, don't insist it be air tight. If end-to-end encryption started to became common, even on a hodge-podge of self-signed certificates, the howls of protest from the spies would become deafening: because it would make their task much, much harder.
Mass surveillance changes the economics, and when opposing mass surveillance, some old aphorisms no longer hold.
-kb _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
