[cryptography] Key escrow 2012
iang at iang.org
Fri Mar 30 21:42:34 EDT 2012
On 31/03/12 03:00 AM, Jeffrey I. Schiller wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>> Nope. If we had won, crypto would be in widespread use today for
>> email. As it is, enough FUD and confusion was sown to avert that
>> outcome. Even on geek mailing lists such as this, signatures are
> Sorry, I beg to differ. The average folks in the world today never
> heard of the crypto war and certainly were not influenced by it.
A bit like saying that the average iPhone user never heard of GSM and
was certainly not influenced in it :)
> about every mail client (accept the one I happen to be using :-) ) has
> some form of crypto (usually S/MIME) built in. Yet it isn't being
> I have heard a lot of speculation as to why crypto isn't being used by
> Joe Average, ranging from its too hard, lack of understanding of key
> management (aka Certificates) [its too hard], and just lack of
> caring. See http://www.simson.net/ref/2004/chi2005_smime_submitted.pdf
> But the crypto wars just isn't a factor.
It's probably more about correlation and hidden causalities.
One of the weapons of the anti-crypto side was over-complexity, desire
for single points of failure, serialisation of steps. Things like
S/MIME exhibit all of those properties, indeed it was so loaded up with
bad engineering, it failed to get off the ground even when geeks try and
But against the opponents of crypto, it still fulfills a purpose. Its
benefit is to block any further action in this direction. There are
enough people who believe in S/MIME, and these people control enough of
the vendors such that there is no counter-momentum to replace it with
something that works .
The crypto wars were about opening up that battlefield so that open
source could start to experiment with lots and lots of alternatives.
The reason we lost the war was because we thought we'd won it. We were
tricked. What actually happened was a high profile weapon - the export
control - was loosened up enough just enough to make many think we'd
won. All the low-profile weapons were left in place.
There is a Foreign Affairs article that describes the same or similar
techniques carried out against South Africa. (I think Ross Anderson dug
this out at some stage and posted about it ... it's probably worth
finding it and re-reading it.)
> There is still time to figure out how to get people to use crypto, all
> is not yet lost!
Yeah. New applications is the opportunity. We saw this in Skype, when
a new field was not subject to the old domination. We didn't so much
see it with social networks, but there is something of it in there.
 fixing s/mime to work is pretty easy - just have the app create &
share self-signed certs when the account is added/created. Add in some
detail, and let it rip. The point is, you will never ever get the past
More information about the cryptography