Comment by anonbanker

11 years ago

Truth be told, it doesn't make anyone safer. It's a big fat placebo, especially once the NSA realizes that this project is entirely under their jurisdiction.

Now, if there was a project in Iceland or Seychelles that was doing something similar, I would be much more apt to participate.

Security theatre for the win(?) Do these people [EFF] not realize that the people they're trying to win over are network nerds? These are people that actually understand this shit and the repercussions of it.

I can't profess to understanding all the details of encryption infrastructure, but I learned very quickly in kindergarten, you can't trust anyone you don't know. It doesn't matter who they are, who they know or what they know. Half the time, you can't even trust "cold hard facts", the facts are frequently misinterpreted, fabricated or eventually proven to be wrong - once it was a fact that the earth was flat, then we were the centre of the universe, now the universe as we know it is held together by a God particle. Science claims facts that invalidate there being a God... all facts are a matter of our fallible understanding of this scientific instrument we are building. Even people you do trust can be coerced into doing things that compromise your ability to trust them or their motives.

If you want to automate trust, then you're eventually going to have to realize that you can't. All you can do is mitigate the cost of being wrong.

Absolute power corrupts absolutely - the CA (or whoever controls that CA) has absolute power in this scenario. If you have the director's family hostage, everyone else's security just went down the pan.

Chain of trust is like putting all your eggs in one basket. You just don't do it. Web of trust is a marginal step up, but it's more of a pain in the ass and can also be overcome by a group with malicious intent.