
It would cover your use of SSH/TLS for providing a service, but they can already subpoena those keys under existing law, so it's of limited relevance in a conversation about what this bill introduces.

What changes here is that if you deployed SSH/TLS using an HSM (Hardware security module), you'd need to be prepared to provide a plaintext stream upon a court order. Obviously, the alternative is to choose the non-HSM route which is, and has always been, vulnerable to subpoena.

I would say the HSM example is likely the government's understanding of the law as it exists today anyway. This is a matter of codifying and clarifying that position.

All of the above are systems where the vendor or operator already controls the means and mechanisms for encryption and decryption. These are already vulnerable to subpoena.

The serious changes in this bill are around building systems where only the end-user can control access to their data.




> What changes here is that if you deployed SSH/TLS using an HSM (Hardware security module), you'd need to be prepared to provide a plaintext stream upon a court order. Obviously, the alternative is to choose the non-HSM route which is, and has always been, vulnerable to subpoena.

Forgive me if I'm wrong, but doesn't SSH always use a Diffie-Hellman key agreement, where the keys are destroyed after their use? No subpoena has the power to recover keys destroyed in the past, even if no HSM had been used. The same applies to modern TLS using DHE or ECDHE suites, and AFAIK the current TLS 1.3 proposal allows only these suites.

They might be able to subpoena the authentication keys, but these are useless to recover the ephemeral keys of past connections (except for older TLS cipher suites which didn't use DHE/ECDHE), and even for future connections they would have to be used with an active attack.
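As an added illustration of the point in the comment above (not code from anyone in this thread): a Go model of a passive recording of two handshake types. It assumes the server's long-term key is an RSA key and uses a SHA-256 hash as a constructed stand-in for the real TLS key schedule. With the legacy RSA key-transport suite, the subpoenaed long-term key decrypts the recorded pre-master secret; with an X25519 (ECDHE) exchange the recording holds only one-time public shares, so the same key recovers nothing.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)
// Wiretap is what a passive recording of one handshake captures: only the bytes that crossed the wire.
type Wiretap struct {
	RSAEncryptedPremaster    []byte          // legacy RSA key-transport suite
	ClientShare, ServerShare *ecdh.PublicKey // DHE/ECDHE suite: one-time public shares
}

// newServerLongTermKey generates the server's long-term RSA key, the thing a subpoena can demand.
func newServerLongTermKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// rsaKeyTransport models a legacy TLS RSA suite: the client encrypts the secret to the server's long-term key.
func rsaKeyTransport(serverLongTerm *rsa.PrivateKey) ([]byte, Wiretap, error) {
	premaster := make([]byte, 32)
	if _, err := rand.Read(premaster); err != nil { return nil, Wiretap{}, err }
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &serverLongTerm.PublicKey, premaster, nil)
	if err != nil { return nil, Wiretap{}, err }
	key := sha256.Sum256(premaster) // constructed stand-in for the real TLS key schedule
	return key[:], Wiretap{RSAEncryptedPremaster: ct}, nil
}
// ecdheKeyAgreement models a DHE/ECDHE suite: fresh X25519 keys per session; the long-term key would only sign.
func ecdheKeyAgreement() ([]byte, Wiretap, error) {
	c, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, Wiretap{}, err }
	s, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, Wiretap{}, err }
	shared, err := c.ECDH(s.PublicKey()) // s.ECDH(c.PublicKey()) yields the same bytes
	if err != nil { return nil, Wiretap{}, err }
	key := sha256.Sum256(shared)
	// c and s, the ephemeral private keys, go out of scope here and are never stored anywhere.
	return key[:], Wiretap{ClientShare: c.PublicKey(), ServerShare: s.PublicKey()}, nil
}

// recoverWithSubpoenaedKey: what the recording plus the server's long-term private key yields after the fact.
func recoverWithSubpoenaedKey(tap Wiretap, serverLongTerm *rsa.PrivateKey) ([]byte, bool) {
	if tap.RSAEncryptedPremaster != nil {
		pm, err := rsa.DecryptOAEP(sha256.New(), nil, serverLongTerm, tap.RSAEncryptedPremaster, nil)
		if err != nil { return nil, false }
		key := sha256.Sum256(pm)
		return key[:], true
	}
	// DHE/ECDHE: the tap holds only two public shares; the shared secret needs one of the
	// discarded private scalars, and the subpoenaed long-term key cannot supply either.
	return nil, false
}
```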


I hadn't considered DH, but if this bill would be used as a basis for a court order to decrypt data obtained via a wiretap, then yes, it would be problematic for PFS cryptosystems. :(



