At 8:51 AM -0400 2003/07/08, Edward Warnicke wrote:
I seem to have miscommunicated. I am in no way suggesting that a router
provide arbitrary "lawful intercept" services for some unknown
party in some other country. Please see
http://www.ietf.org/internet-drafts/draft-baker-slem-architecture-01.txt

Okay, fair enough. But if you want to get wide availability of this feature, you have to give people a reason to actively want to provide this information.

True. In the Lawful Intercept application there are legal requirements that the network owner provide wire tapping services (usually when
presented with a warrant, your local laws may vary). This requirement can be fulfilled in a number of ways, but clearly service providers
would like to comply with legal requirements in the least expensive possible way. Many of the mediation devices that provide the intelligence
behind doing the tapping will be supplied by third party vendors. If these third party vendors must integrate their mediation devices separately
to the OSS system of each service provider to obtain information about the first-hop router(s) this could be quite expensive. If the mediation
device vendors can integrate against a particular use of the existing DNS system, this should be much less expensive. If it saves service
providers money, they will implement it. If it doesn't, they won't. Likewise, if other applications arise, if they are compelling to the parties
in a position to implement the draft it will be implemented, otherwise it won't.

Since many sites may not have fully secured their routers, if they identify the first hop router for each netblock they own, then there is the risk that people will make a stronger and more concerted attack on that router, perhaps trying to subvert or abuse features that may have been included and turned on by default.

This is a good point, and one that has been brought up before. There are ways of controlling the distribution of RR from a particular edge network if the network owner is concerned. I also mentioned this issue in the Security Considerations section of the draft.

Ed
