I hope they interop using MLS. That would scale well and mean 3rd party chats have solid E2EE. Its not *that* far fetched as Whatsapp was somewhat involved in MLS's design in the protocols earlier stages (less so later though).

I guess we'll have to see what Whatsapp does and how good of a job the MIMI working group at the ITEF does...

To paraphrase the EU rule: native 3rd party chats must be at least as secure as native chats. In other words, because Whatsapp uses E2EE internally (namely, their own "sender-key" E2EE protocol which they built on top of the basic 2-party signal protocol aka X3DH + Double Ratchet) the same level of E2EE needs to be afforded for the 3rd party chats. Otherwise the EU would see the degraded security as an artificial barrier by whatsapp making it harder for their customers to leave their platform. Reducing such barriers is a major goal of the law.

One candidate E2EE which may end up becoming the defacto interop standard is MLS (RFC9420). Google, the only other gatekeeper in the IM space to whom the law must apply besides Meta's Whatsapp, has already announced they will be roling MLS out for Messenger. If whatsapp follows suite this would be a strong endorsement for implementing the new law via MLS. Hopefully the MIMI working group at the IETF does a decent job at A) coming up with all the standards needed for application layer interop based on MLS and B) doing it in a way that is palatable to Google and Meta so they actually adopt the results.

Writing these H2 train (and similar) projects off because they dont reduce CO2 emissions today is thinking too narrow in scope. Its missing what seems like their main value today.

E.g. They serve as test beds and PoCs for developing H2-based tech. They give us platforms for building know-how about how to use H2. They create initial small scale demand for H2 to help drive more investment in H2 generation.

More generally, they are about trying to get past the chicken-and-egg problem inherent to changing major corner stones of our entire industry (i.e. our fossil-fuel based energy life-cycle).

The differences become even more stark when comparing what fraction of the energy each person consumes actually comes from wind.

E.g. for 2016, taking the per capita wind energy production from this site and dividing by per capita total energy consumption from here results in:

USA = 707.99 kWh / 79,131 kWh = 0.895%
China = 174.81 kWh / 24,938 kWh = 0.7%
Denmark = 2,230.23 kWh / 34,302 kWh = 6.5%

So Denmark produced about 10x the fraction of what a citizen consumes in wind power on average while the US and China were relatively on par with each other. Of course, thats from 5 years ago so things have surely changed since then.

> the only way to truly have secure communications between two (and only two) individuals is for those two individuals to personally maintain individual or shared secrets.

whats wrong with public key crypto?

Also, i find the line your drawing a bit arbitrary here. e.g. you could just as well claim that to get secure communication with out trusting anyone else you'd have to design your own crypto primitives, implement them, build your own hardware, etc. Its just all a bit arbitrary.

alternatively maybe card based crypto is a way to go where one could more realistically get a fully trusted computational stack for doing secure computation... But of course thats only ever gonna be of very limited real world use too.

In principle at least, owning the baseband gives you a springboard for lateral movement to a different chip in the device. In other words, a platform from which to attack the SoC or memory or whatever. And from those you get access to app data and computation which lets you attack e2e crypto.

To be fair, this is pretty non-trivial stuff and probably more APT / nation-state level offensive technology. So not sure the FBI is gonna be spending these kind of resources (and risking burning such tools/techniques) on low-level targets; especially not for mass-surveillance.

Still, the point is if your on the baseband you've got a beach head and thats not nothing.

"empty gestures" hun? Care to back that up somehow?

They've been more or less continuously reducing gross (and even more so per captia) CO2 emission for years now. E.g. About 10% reduction in gross emission since 2005 (while growing both population and GDP).

Source.

According to the world bank data set here the US has reduced its gross C02 emissions to about 90.7% of its 2005 levels while Germany is at 90.3%. So Germany is marginally better but they are pretty comparable really in terms of achievments. China, on the hand, has about doubled their emissions in the same time frame. :-/

Whats more worrying though when comparing the US to Germany is that over the last year or two the trend in reduction is accelerating in Germany while in the US CO2 emissions are actually starting to increase! Plus the looking at the new white house administration I'd expect that will only get worse, not better.

Don't really agree with that sentiment.

For example, according to the world bank data they've reduced their gross CO2 emission by about 10% since 2005. (Meanwhile their population has grown by .7% and their GDP by around 21% over the same time span.) In my book thats not really "nothing to show".

You seem to be assuming that the US CO2 output trend under Obama's tenure will continue. Why does that seem plausible to you given the new administrations about-face on climate, the environment in general and the EPA in particular?

QKD is a heck of a lot more practical than any of the research prpgrams you mentioned... given the ever growing improtance of (and failures in) imfo sec. I was say developing better tools for that field is a pretty worthy goal.

Long term security comes to mind. A very comon use of DH protocols is to agree on a key for encrypting content. Suppose an attacker records the public keys used in the DH session as well as the subsequent encrypted content. If in 20 years they get there hands on a powerful enough quantum computer they could go back and break the DH part, redrive the encryption key and then decrypt all recorded content.

my question is why not use post-quantum (e.g. lattice based) key agreement instead of QKD... they r starting to b pretty practical for low bandwidth/high securoty applications but also (as far as we know) withstand quantum attacks. I guess with QKD the point is we know thay with our a complete revolution in physics past sessions will remain secure against whatever new classes of future computational devices we might create...

that's not really how QKD works. There is no seperat "alert system". Instead, by listening in the signal between end points is unavoidably altered so the end points trivially detect that a third party was eavesdropping during the key agreement protocol. That way they know not to use whatever key was produced in that QKD session. The laws of quantum mechanics guarantee that eaves dropping always causes the signal to be changed. (E.g. as far as I underatand any violation of that would contradict the no-cloning principle.)

Whats ur point? No secure communication system is ever going to be secure in those adversarial models... QKD or otherwise.

China is at the for front of QKD research since sometime now. E.g. their collaboration with Zeilingers team have repeatedly produced world records in implementing QKD in practice.