undefined | Better HN

0 pointswulfstan11mo ago0 comments

I don't accept that. We have "master keys" for some forms of encryption right now in the form of root certificates; knowing that root cert authorities could issue certificates that might allow people to sniff my network traffic doesn't keep me awake at night.

0 comments

ziddoap11mo ago

To reduce any risks, almost everything PKI-related is conducted in public, is auditable by anyone, and is a cooperation between dozens of distinct entities located globally.

This is not analogous to a single government having non-transparent, non-auditable access to decrypt communications of its own citizens.

wulfstanOP11mo ago

Then setup the system to be more analogous. Make the publication of key issuance under this mechanism public after a period of time.

Again, I see us falling back into an "all or nothing" view of privacy and I just don't think those are the only options.

ziddoap11mo ago

>Then setup the system to be more analogous. Make the publication of key issuance under this mechanism public after a period of time.

That (somewhat, barely) addresses one of ~dozen issues with the proposal.

>Again, I see us falling back into an "all or nothing" view of privacy

Not to be too pedantic, but I think the distinction between privacy and encryption is incredibly important: almost everyone agrees that privacy is a gradient. The disagreement is whether or not encryption can be a gradient. Most people do not think it can reasonably be without undermining ~everything relying on it.

1 more reply

01HNNWZ0MV43FF11mo ago

Not really. You can get around with pinning public keys like IoT devices and Tor and i2p do

A proposal to backdoor all cryptography is worse than having pki as a think we opt in to for the sake of convenience

j / k navigate · click thread line to collapse

0 comments

ziddoap11mo ago

To reduce any risks, almost everything PKI-related is conducted in public, is auditable by anyone, and is a cooperation between dozens of distinct entities located globally.

This is not analogous to a single government having non-transparent, non-auditable access to decrypt communications of its own citizens.

wulfstanOP11mo ago

Then setup the system to be more analogous. Make the publication of key issuance under this mechanism public after a period of time.

Again, I see us falling back into an "all or nothing" view of privacy and I just don't think those are the only options.

ziddoap11mo ago

>Then setup the system to be more analogous. Make the publication of key issuance under this mechanism public after a period of time.

That (somewhat, barely) addresses one of ~dozen issues with the proposal.

>Again, I see us falling back into an "all or nothing" view of privacy

1 more reply

01HNNWZ0MV43FF11mo ago

Not really. You can get around with pinning public keys like IoT devices and Tor and i2p do

A proposal to backdoor all cryptography is worse than having pki as a think we opt in to for the sake of convenience

j / k navigate · click thread line to collapse