Hi,

On 11/25/15 12:52 PM, Derek Fawcus wrote:

> Well, one of the characteristics of the IPB is that it seems to require ISPs
> to maintain a database of all 'connections', so assume of all TCP sessions,
> start/end times with src/dst addr+ports; and that TPTB can make a demand for a
> record matching a set of search keys (assume dst IP, port 25).
>
> So while the network level mechanisms may be able to monitor all traffic on
> the interface, having port agility means that the request for a connection record
> potentially has to ask for all connections, not just those to port 25, and
> that the results are not necessarily immediately characterised as being email.

This smells a lot more like an attempt to inhibit lawful intercept than it does to stop a bad guy spying on email. I believe that is the wrong goal.

Moreover, we have been pleading with SPs for DECADES to block outbound port 25 in favor of 587 so that home systems do not relay email directly. With various BLs perhaps that advice is a little long in the tooth, but bad guys don't need a lot of sites to fail to use BLs to get stuff through.

Encryption combined with aggregating MSPs will obscure flows. Small SPs may be another matter. Any evidence to the contrary that shows ability to correlate messages in an encrypted environment would be welcome.

Eliot
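As an added illustration of the two mechanisms this exchange turns on, not code from the thread or from either author: a toy model of the per-connection database Derek describes (start/end times plus src/dst addr+ports, queried by search keys such as dst port 25) next to the residential egress policy Eliot refers to (outbound TCP/25 only to the SP's own relay, submission ports left open). All addresses, the customer range and the smarthost are constructed placeholders from the RFC 5737 documentation ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed values in the RFC 5737 documentation ranges; not from the thread.
RESIDENTIAL = ip_network("198.51.100.0/24")   # assumed residential customer range
ISP_SMARTHOST = ip_address("192.0.2.25")       # assumed SP-operated mail relay
MAILHOST_OUTSIDE = "203.0.113.10"              # assumed third-party MX / MSP


@dataclass(frozen=True)
class Flow:
    """One entry in the per-connection database the quoted text describes."""
    start: int
    end: int
    src: str
    sport: int
    dst: str
    dport: int


def egress_allowed(flow: Flow) -> bool:
    """Residential egress policy: TCP/25 only to the SP's own relay.

    Submission (587/465) and every other port are left alone, so customers
    can still authenticate to whichever MSP they use.
    """
    if ip_address(flow.src) not in RESIDENTIAL:
        return True                      # policy covers residential sources only
    if flow.dport == 25:
        return ip_address(flow.dst) == ISP_SMARTHOST
    return True


def records_matching(records, dst=None, dport=None):
    """The search-key lookup from the quoted text: return the records whose
    destination address and/or destination port match the supplied keys."""
    return [r for r in records
            if (dst is None or r.dst == dst) and (dport is None or r.dport == dport)]


# Constructed sample of connection records (timestamps are arbitrary epoch seconds).
FLOWS = [
    Flow(1000, 1004, "198.51.100.7", 51000, "192.0.2.25", 25),        # to SP relay: allowed
    Flow(1010, 1012, "198.51.100.7", 51001, MAILHOST_OUTSIDE, 25),    # direct-to-MX: blocked
    Flow(1020, 1030, "198.51.100.9", 51002, MAILHOST_OUTSIDE, 587),   # submission: allowed
    Flow(1040, 1041, "198.51.100.9", 51003, MAILHOST_OUTSIDE, 2525),  # mail on a non-standard port
    Flow(1050, 1060, "203.0.113.50", 40000, MAILHOST_OUTSIDE, 25),    # non-residential source: out of scope
]


def blocked_flows(records=FLOWS):
    """Flows the residential egress policy would drop."""
    return [r for r in records if not egress_allowed(r)]


if __name__ == "__main__":
    print("blocked:", blocked_flows())
    print("records to dst port 25:", len(records_matching(FLOWS, dport=25)))
    print("records to the outside MX:", len(records_matching(FLOWS, dst=MAILHOST_OUTSIDE)))
```

Querying the records with `dport=25` returns three sessions but misses the one on port 2525, which is the port-agility point in the quoted text: a request keyed on port 25 does not see mail carried on another port, and a broader request keyed only on the destination address returns sessions that are not obviously email. The egress policy, by contrast, only ever acts on port 25 from the residential range, so it neither blocks submission to an outside MSP nor touches non-residential sources.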
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
