[nycbug-talk] Elliptic Curve Backdoor? [was] RSA/DSA for encryption: has it's time come?

George Rosamond george at ceetonetechnology.com
Fri Sep 13 14:52:39 EDT 2013


Pete Wright:
> On 09/13/2013 07:58 AM, Okan Demirmen wrote:
> 
>>> So throwing it back to list...
>>>
>>> What have you changed?
>>>
>>> What changes have taken place in your organization, whether or not
>>> influenced by you?
>>
>> Zero.
> 
> same here - although the incompetent IT department at my day-job is not
> insisting on not allowing encrypted IM's because..."compliance".  so
> that's awesome.

I have some technical clients who are very conscious of the fact that
there has been a shift for non-technical people.

The argument that privacy has to be designed, as opposed to being
promises or policy is has reasserted itself.  If a provider *can* access
data of its clients, then there isn't privacy.

Can't find them ATM, but this is a great spot to see useful articles on
the topic, including a lot of stuff on the changes in people's thinking
recently:

https://twitter.com/liberationtech

And LibTech's list is a central place for discussions around this stuff
today.

(hi again Jan!)

> 
>>
>>> Factors of authentication, keys used, additional encryption added,
>>> office or home Tor, pgp/gpg....
>>
>> Nothing new.
>>
> 
> same here, i think being a practical paranoid has prepped me for this
> inevitable day where it's known that telecomunications is an inherently
> unsafe communication medium.  as is anything that requires 3rd party trust.

Very much the case for me also.  But I am convinced more of our 'tools'
will start accounting for the 'new world' and I'm keeping tabs on that.

Thanks for being relevant Pete.  I shifted this thread for a reason.

g



More information about the talk mailing list