|
|
|
|
|
|
by harshreality
3989 days ago
|
|
|
That's some semantic gymnastics. So a "Public backdoor" is a "Frontdoor" when used by a law enforcement agency with a warrant. What about when the "neutral" third party uses the keys for some purpose without a warrant? What about when the third party is hacked? It seems confusing to refer to the same system as both a frontdoor and a backdoor. The FBI would probably be happy with a front door. Unfortunately, a "frontdoor" means some "neutral" third party (or anyone who hacks it) then has the ability to decrypt all your communications. Furthermore, a "neutral" third party isn't necessarily that trustworthy. The saving grace of the CA system is that non-targeted attacks are likely to be detected, because the CAs don't have the certificates' private keys, and use of alternate keys is detectable, or even preventable (only in advance) with pinning. Everyone would balk at a CA system where the CAs had all the servers' private keys. No matter how trustworthy the CA. It would be undetectable, and pinning wouldn't mitigate it. And that's exactly what the FBI wants for Google, Facebook, Microsoft, and Whatsapp communication products. If a neutral third party holds the keys, then you have the company (1) that makes the communications products having the keys, transferring them to the neutral third party (2) and deleting them ("we promise!"), so only the third party holds them for possible eventual use by the FBI (3). That's three entities that may potentially have access to key material in the future, not to mention anyone who hacks those three entities. |
|
|