[AusNOG] (Meta-)Data Retention
Geordie Millar
gm at stackunderflow.com
Tue Aug 5 15:04:22 EST 2014
Or even better - IPSec, SSH and TLS support forward secrecy - meaning the key isn’t all you need to decrypt the traffic and that the extra information you do need to decrypt the traffic is not derivable from having the key and the encrypted traffic.
Support in TLS is largely theoretical and often broken, but generally getting there...
From Wikipedia:
http://en.wikipedia.org/wiki/Forward_secrecy
In cryptography, forward secrecy (abbreviation: FS, also known as perfect forward secrecy or PFS[1]) is a property of key-agreement protocols ensuring that a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future.
On 5 Aug 2014, at 2:03 pm, Ross Wheeler <ausnog at rossw.net> wrote:
>
>> As an IT service person they would presumably need to get a warrant/court order/consult your lawyer to compel you to give over the private keys (which isn't to say you wouldn't get some vaguely worded threatening letter demanding them) .
>
> Makes a really good case for changing keys more frequently than the time it would take for said warrant/court-order/etc to be provided, so whatever they'd captured with "old key" couldn't be decoded with "current key".
>
> (Or as said, key escrew where you never even actually KNOW your key)
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
More information about the AusNOG
mailing list