[umvi]

> You left out b) vendor has the keys stolen or leaked by a disgruntled employee and now the encryption is useless.

e) If the keys are stolen, issue new keys to all devices

The leaked keys are only good for physically compromised devices in the hands of people with access to the scanning electron microscopes, which I daresay is an extremely small attack surface.

There is only a small window after the leak in which a device can be stolen, powered down, and compromised.

On the other hand, you could mandate that such keys aren't allowed to be stored in databases (physical access only)

[the_watcher]

You don't always know that keys have been stolen. And an electron scanning microscope is hard to get now, but what about state-sponsored actors spending half a decade developing a pocket-sized tool? The whole point of E2E is that all of these scenarios are literally not possible.

[umvi]

Well, periodically reissue keys then regardless of if you think they've been compromised. Or don't store the private key in a database, store on physical media in a vault that is airgapped and hard to access. Make the read-only-ability of the storage chip more difficult and onerous with each generation like paper currency security.

My point it that you could make it so difficult to break E2E for even the most elite hackers that the only realistic way to do it is with a warrant.

[the_watcher]

Not if you're sponsored by a hostile actor with functionally limitless resources. E2E isn't just about stopping legitimate law enforcement from conducting investigations.

[umvi]

> Not if you're sponsored by a hostile actor with functionally limitless resources

Like who? Russia? China?

Here's how they can compromise my device:

1. Locate me within the USA (easy)

2. Send a spy onto US soil to find me and steal my phone (hard)

3. Send another spy to work for Apple (easy)

4. Spy needs to break into Apple's vault and retrieve airgapped media containing my device's private key without a warrant (super hard)

5. Send both back to the motherland and use scanning electron microscope to complete the process (easy)

You really think that is viable? Seems extremely far fetched to me. Can you provide a more realistic scenario?

[kelnos]

The more realistic scenario is already possible today, and doesn't need to involve so much technical mumbo-jumbo: at step #2, instead of stealing your phone, they kidnap you, and torture you until you give up your password. Done, and no need for steps 3-5.

(And I suspect, for a sufficiently-motivated state-level actor, that actually falls under "easy", or at most "medium".)

[umvi]

Right, so why are we so worried about this? If the government is malevolent they will just kidnap and torture you like the PRC.