Alex Alten wrote:
> Generally any standard encrypted protocols will
> probably eventually have to support some sort of CALEA
> capability. For example, using a Verisign ICA
> certificate to do MITM of SSL, or possibly requiring
> Ebay to provide some sort of legal access to Skype
> private keys.

And all the criminals will of course obey the law.

Why not just require them to set an evil flag on all
their packets?

> If there is a 2nd layer of encryption then this would
> require initial key exchanges that may be vulnerable
> to interception or after-the-fact analysis of the
> decrypted SSL payloads.

I guarantee I can make any payload look like any other
payload.  If the only permitted communications are
prayers to Allah, I can encode key exchange in prayers
to Allah.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to