[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: binding cryptography



> >Can you imagine that anyone would ever create a program that tries to
> >look like a conforming implementation, but generates invalid "binding"
> >data -- when it is so much easier to simply use PGP, and (if
> >necessary) disguise that fact using the government-approved encryption
> >software?  I don't, so in my opinion the verification process is
> >abolutely useless.
> Can you imagine what would happen if governments would (help to) set up
> a system that has no safeguards at all, i.e.  that could give criminals
> all the anonimity and confidentiality they need?

Sorry if my formulation was unclear. I ment to point out that it is
acutally easier to commit fraud in a way that is undectectable than
in a detectable way. So on the assumtion that the concept of binding
cryptography is a good thing, this scheme is flawed.


But to answer your question: Encryption software has already been
available for years. You may argue that PGP is not very user-friendly,
but it is secure and every computer user who takes the time to read
the manual can use it. So nothing much would happen that will not
happen anyway or has already happened.

> car, bicycle, house etc.). That is a fact of life; one I hate. So the
> point is: where is the middle of giving up freedom and stopping
> criminals?

But since - as you admit - it is not possible to stop criminals, the
question is: Do you want to cause a dramatic drawback in privacy and
create new potential security hole just in order to force criminals to
do a few hour's work of installing a secure encryption system from the
Internet, or when that is illegal buy it on the black market?

> We have set up the TRPs in such a flexible way that anybody could find
> one he can trust, one might even set up his own TRP.

Then it is not even necessary to use additional software to circumvent
government access. The user can simply configure himself as TRP for
the inner layer of encryption and the official one in the outer layer.