Encryption on Mailing lists sensless?

Garreau, Alexandre galex-713 at galex-713.eu
Mon Nov 17 23:13:06 CET 2014

On 2014-11-17 at 19:49, Robert J. Hansen wrote:
>> Most of the technical reasons can be bypassed by making a single
>> subscriber key (public and private) available as a part of the
>> subscription process, but that eliminates most of the technical
>> advantages of encryption, so it's really a moot point.
> It also means there's pretty much no point in keeping archives,
> because it's inevitable that the keys will become separated from the
> archives. And if the key is part of the archive, then what's the
> purpose of the crypto in the first place?
> Once, for my job, I had to look into the way the Roman Senate
> conducted its elections.  I was able to find ballots that were over
> 1500 years old.  It was pretty neat, and it changed my perspective on
> things like crypto.
> The crypto dream is that the confidentiality of our messages will be
> preserved for centuries after our death,

Well, no. The crypto dream is that powerful people will stop being able
to retrieve lot of informations on why they exerce power on, and that
these people will be able to inform and communicate in a decentralized,
horizontal and autonomous manner wathever this autority wants.

> which sounds really great up until you consider what an archaeologist
> circa 4000 AD is going to be thinking.  "I have a stack of records
> here that could shed light on the way people lived in a long-dead
> civilization, but I can't read them. Why?  What were these people
> doing that they thought their email to their Aunt Edna needed to
> remain secret for all time?  Why is it that, millennia after they're
> gone, Aunt Edna's recipe for potato salad has to be gone with them?"

Then the question is not “Do we want to encrypt everything?”, but more
precisely: “do we want to make everything *accessible*”. Actually
imagine mail servers today, quite all encrypting everything with
TLS. Not a problem, mails are still accessible. It just means it’s
harder for ISPs (MITM is visible, and being visible means a great risk)
to spy on people. If we make only some traffic encrypted they have at
least the information of what is enough important to be hidden, when,
where, by who, to who, for how long, etc. meta-data. Here we make
cryptoanarchy and hide everything so that they don’t even have the
information of what is to hide.

But that doesn’t obligate us to make what is public public. We could
imagine a web where everybody uses HTTPS: pages are still accessible to
everybody. We could imagine bittorrent where almost all clients encrypt
everything (hint: it’s already this way), and everything is still
accessible. We could imagine Tor Hidden Services, and everything is
still accessible. What’s not accessible anymore is metadata.

> Or think about your own kids, circa 2040 AD.  "I'd love to read these
> emails between Mom and Dad when they were courting, but ... they were
> afraid of Somebody-with-an-S reading their emails.  I wonder if they
> ever thought that the Somebody might be their son, who wanted to
> understand after their deaths how it was these two people came to meet
> and fall in love."

Then comes the problem of private messages, made to be private.

First, future archeology is pointless argument between our security and
our freedom, it sounds a lot more better like kind of an excuse.

Second, a reccurent problem in cryptography is we know computers power
and algorithms constantly evolves, and that what’s encrypted a way today
is not guaranted to always be forever. What’s encrypted with DSA today
will maybe be accessible within more time.

Finally, information generally needs to be private only for a limited
amount of times. If we have a message describing date and place for a
dissidents reunion in a totalitarian state, once the reunion is over,
the message doesn’t need to be private anymore, and could be “released”,
if it’s for archival/archeology/history needs. Actually it would be
something quite interesting for people to know in what kind of place
reunions are planned (anyway a place should never be the same twice).

> Historians called the early medieval period "the Dark Ages" not
> because the era was full of villainy and evil, but because
> record-keeping became so austere that we really don't know much of
> what happened for that period.

Because they had no efficient way to keep information in front of the
quantity of information producible. The press solved this problem.

> We're living in a new Dark Age right now.  Historians of the future
> are going to see human record-keeping basically end around 1960.

They’re still accessible. And what’s saying you in the future all
hard-disk will die at the same moment with no backup?

It could be plausible if our civilization could break down just like
others before and let others develop. The problem is: today we have a
world-wide civilization, if this one break down, there will be no more
civilization to study us. So we have absolutely no reasons to care.

> Fewer records were printed out and more were put on digital media --
> media that deteriorates much more quickly than paper, and depends on
> technology to read it, technologies which become obsolete and are
> discarded even faster than the media degrades.

I doubt a paper newspaper can subsist more time than a hard disk.

> So when you hear people advocate "crypto everywhere, always, for
> everything," ask yourself this: if they get what they want, what will
> it do to future generations' ability to make sense of our time?

Can you explain in what future generations’ curiosity is more important
than this generation’s freedom?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: </pipermail/attachments/20141117/417e2d8d/attachment.sig>

More information about the Gnupg-users mailing list