[Raven] The impracticality of wiretapping

[Wendell_Bishop@nmss.com]

Wiretapping can only be effective if there is governmental control of the
encryption devices.  Three possible locations for encryption are:

. in the network
. hard wired into manufactured terminals
. in the software of generic terminals

Government has some chance of controlling the first two of these.  But I
don't believe encryption software, especially open source, could be
similarly controlled.  Any deployment of encryption with backdoors will
simply drive users to the third option.

Secure connections over public channels have always been available.  An
audio telephone link can carry encrypted vocoded speech using modems.  Only
economics and convenience determines whether such connections are used.
Encryption software with sufficient processing power in a generic terminal
- PC migrating to set top box, wireless palm top, etc - is inexpensive
enough for most.  And communications software that keeps public keys with
addressing information should satisfy the requirement for convenience.

So I believe the IETF should declare the battle against wiretapping won,
and simply define a secure encryption that can be applied anywhere.  If the
government chooses to step in and prohibit its use in the network and
manufactured terminals, there may be a period of time where a wiretap
version is applied.  But I think this will eventually result in no
encryption in the network and manufactured terminals.  Agencies using
wiretapping will quickly tire of discovering a second level of secure end
to end encryption on all the potentially interesting connections.



_______________________________________________
raven mailing list
raven@ietf.org
http://www.ietf.org/mailman/listinfo/raven