On Mon, Sep 27, 2010 at 4:29 PM, Dave Paris <[email protected]> wrote: > On 9/27/2010 6:49 PM, Jeffrey Walton wrote: >> On Mon, Sep 27, 2010 at 10:39 AM,<[email protected]> wrote: >>> http://www.msnbc.msn.com/id/39379819/ns/technology_and_science-security/ >>> >>> When the rest of the world is using OpenSSL and SSH, how you gonna do this >>> securely? (Yes, I know how to MITM an OpenSSL connection. How do you >>> design >>> a network service so Good Guys can do that but Bad Guys can't?) >> I'd like to read the details on circumventing, side stepping, and >> preventing the use of OpenSSL and friends. Based on the limited >> abilities of politicians (the US is in two wars right now because >> policy exceeded their ability to practice diplomacy), it can't be too >> impressive. >> >> In the end, its more gestapo legislation that will be abused by the US >> government. > > It's a technical infeasibility that will never make it as legislation. > Between non-US software companies, open source projects that will flip > this their collective birds, and military use of crypto that would now > require backdoors, I have no fear of this becoming law. > > From the provider side, the hardware capability to monitor and process > 10Gb links (or faster) is prohibitively expensive. It's not as though > Tier-1 providers are suddenly going to add taps into each 10G circuit, > just waiting for that tap to fail and take out a decent amount of capacity. After 9/11, I attended a talk at the University of Maryland given by a fellow who was higher up in the food chain and had something to do with electronic evidence (his name escapes me now). He made it clear that the FBI had collected terabytes of information and the bureau had months of processing for all the data collected (his point was that moving from the paper/wired world to the paperless/electronic world changed nothing in the way FBI did business).
It seems to me that US law enforcement already has most of what they need, and are already accommodated by service providers. > So, let the politicians be idiots. It's easier to tell who's completely > bereft of technical clue - and advisers - that way. (ok, so that's like > picking the lesser of evils, but still..) In the United States, politicians are not held accountable for their actions. They can be idiots all day long, or they can serve themselves by legitimizing and legalizing brides (ie, PAC contributions), or change legislation to accommodate those providing the brides (for example, the US financial industry). Conceptually, Sparta had it right - they put their politicians on trial when they left office. But unlike modern politicians, Spartan politicians were held accountable. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
