On Fri, 2008-01-18 at 02:31 -0800, Alex Alten wrote:
> At 07:35 PM 1/18/2008 +1000, James A. Donald wrote:
> >
> >And all the criminals will of course obey the law.
> >
> >Why not just require them to set an evil flag on all
> >their packets?
> These are trite responses.  Of course not.  My point is
> that if the criminals are lazy enough to use a standard
> security protocol then they can't expect us not to put
> something in place to decrypt that traffic at will if necessary.

I see your point, but I can't help feeling that it's a 
lot like requiring all houses to be designed and built with 
a backdoor that the police have a key to, in order to 
guarantee that the police can come in to investigate crimes. 

The problem is that the existence of that extra door, and 
the inability of people to control their own keys to lock 
it, makes crimes drastically easier to commit.  You think 
police don't use DMV records to harass ex-girlfriends or 
make life hard for people they don't like?  You think 
Private investigators and other randoms who somehow "finesse" 
access to that data all have the best interests of the public 
at heart?  You think the contractor who builds the house 
will somehow forget where the door is, or will turn over 
*all* copies of the keys? 

And stepping away from quasi-legit access used for illegitimate
purposes, you think there're no locksmiths whose services the 
outright criminals can't buy?  You think the existence of a 
backdoor won't inspire criminal efforts to get the key (by 
reading a binary dump if need be) and go through it?

> >I guarantee I can make any payload look like any other
> >payload.  If the only permitted communications are
> >prayers to Allah, I can encode key exchange in prayers
> >to Allah.

> Look, the criminals have to design their security system with
> severe disadvantages; they don't own the machines they
> attack/take over so they can't control its software/hardware
> contents easily, they can't screw around too much with the IP
> protocol headers or they lose communications with them, and
> they don't have physical access to the slave/owned machines.

That is a very petty class of criminal.  While the aggregate 
thefts (of computer power, bandwidth, etc) are impressive, 
they're stealing nothing that isn't a cheap commodity anyway 
and the threat to lives and real property that would justify 
the kind of backdoors we're talking about just isn't there. 
Being subject to botnets and their ilk is more like the 
additional cost of doing business in bad weather, than it 
is like being the victim of a planned and premeditated 
crime with a particular high-value target.  

Moreover, we know how to weatherproof our systems.  
Seriously.  We know where the vulnerabilities are and we 
know how to create systems that don't have them.  And we 
don't need to install backdoors or allocate law enforcement 
budget to do it.  More than half the servers on the Internet - 
the very most desirable machines for botnet operators, 
because they have huge storage and huge bandwidth - run 
some form of Unix, and yet, since 1981 and the Morris Worm, 
you've never heard of a botnet composed of Unix machines!  
Think about that!  They do business in the same bad weather 
as everyone else, but it costs them very little, because 
they have ROOFS!

I submit that the sole reason Botnet operation even exists 
is because so many people are continuing to use an operating 
system and software whose security is known to be inferior. 
A(nother) backdoor in that system won't help.

The criminals whose activities do justify the sort of backdoors 
you're talking about - the bombers, the kidnappers, the 
extortionists, even the kiddie porn producers and that ilk - 
won't be much affected by them, because they *do* take the 
effort to get hard crypto working in addition to standard 
protocols, they *do* own their own machines and get to pick 
and choose what software goes on them, and if they're 
technically bent they can roll their own protocols. 


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to