On Wed, Oct 23, 2013 at 3:19 AM, Hannes Tschofenig <[email protected]> wrote:
> At 14:56 22-10-2013, DataPacRat wrote:
>> Do either of them provide any protection against a subpoena attack?
>
> Could you explain the 'subpoena attack' in more detail?
>
> Ciao
> Hannes
>
> PS: I know what a subpoena is.

An exemplar could be the attack against Lavabit's customers, which was only prevented by Lavabit shutting down entirely.

More generally, it's a government issuing some sort of demand, often secret, to an online service provider, requiring at least that they hand over various keys, occasionally much more. 'Subpoena' is a placeholder for any similar document, such as court orders, search warrants, and the American "National Security Letters".

A tad sillily, it's the official bureaucratic version of lead pipe cryptoanalysis, with lots more paperwork, and with the claim that the group making the threats have legitimacy in doing so because they're the government.

My general thought, as of the start of this thread, is that such attacks could be made much harder to implement and much less effective by massively increasing the number of CAs (essentially, by turning everyone into a CA). Sending a lone piece of paper to a single middle-manager would no longer force sufficient compliance to track the online behaviour of thousands-to-millions of individuals. Should measurable effort be required in order to spy on any one individual, then it seems at least possible that simple budgetary concerns would reduce the amount of spying done on ordinary citizens.

(Of course, my current .sig quote might apply.)

Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
