by morpher 4266 days ago
This scheme is only broken if all entities fail to keep their keys secure. In the event of a key compromise, updated keys could be pushed out and used to reencrypt. Of course that presents another weakness. (Who signs the update? What if their key is compromised).
2 comments

"The courts" are basically a sieve (every newspaper hack learns this on his first day on the job), so you can count that one out very quickly. Manufacturers are only slightly better, and we've seen it with DigiNotar et al. That leaves the FBI/government, not exactly the strongest fort when it comes to public leaks. In that sense, Apple's marketing is right: the only person you should trust with the safety of your data is yourself.

Also, if you allow firmware to reflash its keys, then you have a mechanism that again can be subverted (as well as what you point out). I think we've seen it with games that that sort of DRM doesn't work in the long run -- it's routinely cracked, but manufacturers don't care too much as long as it allows them time-windows long enough to make bank. Making it the basis of all data-handling in the land doesn't seem particularly smart.

But that's a bit of a different argument than the hand-waving Keybase were using.

Saying "it's not possible to build a secure backdoor" is a cop-out.

The truth is, we can build systems so that your data can be decrypted with either your key, or a master key. And we can build systems where the master key requires multiple coordinated parties.

Such systems can be used to implement secure backdoors, but only if we can trust those parties with the master keys to do their job properly.

That requires:

- Proper key security so their keys don't get exposed

- Proper access controls so that the keys are only used for the purpose for which they're intended.

The problem is that we know with complete confidence that all of the parties involved in that process will fail at one or both of those hurdles.

This isn't a technical problem. "Secure golden keys" are technically feasible, and not even particularly hard. It's simply an issue that there is no one that you ought to trust with such a key.
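To make the "technically feasible" claim concrete, here is an added illustration (not code from this thread) of the scheme the comment describes: a data key wrapped twice, once under the user's key and once under a master key, with the master key split among several parties by Shamir secret sharing so that a threshold of them must cooperate to use it. Everything is Python standard library; the field prime, the HMAC-based wrapping and all key values are choices made for this example.

```python
import hashlib
import hmac
import secrets

P = (1 << 127) - 1  # prime field for Shamir sharing (a Mersenne prime; our choice)

def _eval_poly(coeffs, x):
    acc = 0
    for c in reversed(coeffs):          # Horner's rule, constant term last
        acc = (acc * x + c) % P
    return acc

def split_secret(secret, n, t):
    """Shamir: n shares of which any t recover `secret`; t-1 reveal nothing."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]

def recover_secret(shares):
    """Lagrange interpolation at x = 0 over the field P."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def _wrap(data, key, nonce):
    """XOR with an HMAC-derived pad: adequate for a 16-byte DEK under a fresh
    nonce, but unauthenticated; a real system would use AES-GCM or similar."""
    pad = hmac.new(key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def make_record(dek, user_key, master_key):
    """One data key, decryptable via the user's key or the master key."""
    record = {}
    for role, key in (("user", user_key), ("master", master_key)):
        nonce = secrets.token_bytes(16)
        record[role] = (nonce, _wrap(dek, key, nonce))
    return record

def unwrap(record, role, key):
    nonce, wrapped = record[role]
    return _wrap(wrapped, key, nonce)

def master_from_shares(shares):
    """Parties pool a threshold of shares to rebuild the master key bytes."""
    return recover_secret(shares).to_bytes(16, "big")
```

Note that the code only shows the cryptography; the thread's real point is that nothing here stops a share holder from being compromised or coerced, which is exactly the part no algorithm covers.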

It's not a cop-out because any such system will include its environment.

Your alternative is basically saying "it's theoretically possible, but in practice impossible". If so, the theory is incomplete: it fails to account for the human factor.

If the key is stolen, there's a good chance nobody will realise for months/years. Nobody will issue an update either. Also if some key is compromised, there's a good chance some organisations would rather keep that secret rather than announce the fact.