In article <[EMAIL PROTECTED]>, Eugen Leitl <[EMAIL PROTECTED]> writes
>There's a rather ominous EU legislation to be passed soon, >which requires any party acting as a provider (you run anonymous >proxy, or mix cascade, you are a provider) to log all connection >info (when, who, with whom). What's the status of ad hoc IPsec >or any other TCP/IP-tunneling VPN for random endpoints? (a) the EU legislation was actually passed well over a year ago http://europa.eu.int/eur-lex/lex/LexUriServ/site/en/oj/2006/l_105/l_1052 0060413en00540063.pdf and applies to "service providers" so "random endpoints" will be unlikely to be caught by its requirements. (b) what the Directive exactly means is anyone's guess (the wording shows a deep failure to understand how the Internet works), and it is entirely clear that it will in practice mean different things in different EU countries. In the UK it's likely to only apply to large public ISPs -- and retention will be restricted to records of who used which IP address, email server records, and possibly web cache logs (possibly not, since web caches may not be economic if the logs have to be retained)... ... the wikipedia page on the topic http://en.wikipedia.org/wiki/Data_retention ... has information for other countries that looks fairly plausible from what I know about their plans. Note that the Directive also applies to phone calls ... and the transposition of that into national laws is supposed to be completed by October 2007; most countries have until March 2009 for Internet logs -- richard Richard Clayton They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. Benjamin Franklin --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]