[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Sip] media-security-requirements and lawful intercept
- To: "Henry Sinnreich" <hsinnrei at adobe.com>, "Ted Hardie" <hardie at qualcomm.com>, "Jonathan Rosenberg" <jdrosen at cisco.com>, "Peterson, Jon" <jon.peterson at neustar.biz>
- Subject: RE: [Sip] media-security-requirements and lawful intercept
- From: "DRAGE, Keith \(Keith\)" <drage at alcatel-lucent.com>
- Date: Sun, 11 Nov 2007 16:47:08 +0100
- Cc: IETF SIP List <sip at ietf.org>, Paul Kyzivat <pkyzivat at cisco.com>, "Elwell, John" <john.elwell at siemens.com>, Dan Wing <dwing at cisco.com>, Dean Willis <dean.willis at softarmor.com>
- In-reply-to: <24CCCC428EFEA2469BF046DB3C7A8D223AE27D@namail5.corp.adobe.com>
- List-help: <mailto:sip-request@ietf.org?subject=help>
- List-id: Session Initiation Protocol <sip.ietf.org>
- List-post: <mailto:sip@ietf.org>
- List-subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
- List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
- References: <31D151A3D66E404AACBBB0247ACA54A7029C9E@STNTEXCH11.cis.neustar.com><4735E3A2.3020100@cisco.com><p06240601c35c10d69d4c@[98.207.2.111]> <24CCCC428EFEA2469BF046DB3C7A8D223AE27D@namail5.corp.adobe.com>
- Thread-index: AcgkCC6dD/LUmr8lQwejq6oiou80sQAa0iIgAAGcQIA=
- Thread-topic: [Sip] media-security-requirements and lawful intercept
This list is NOT for discussing the woes of society at large.
Please go back to the scope of this thread which is discussing the
contents of the media security requirements document.
Regards
Keith
> -----Original Message-----
> From: Henry Sinnreich [mailto:hsinnrei at adobe.com]
> Sent: Sunday, November 11, 2007 3:12 PM
> To: Ted Hardie; Jonathan Rosenberg; Peterson, Jon
> Cc: IETF SIP List; Paul Kyzivat; Elwell,John; Dan Wing; Dean Willis
> Subject: RE: [Sip] media-security-requirements and lawful intercept
>
> I would like to add another law enforcement perspective with
> two usage scenarios to what Ted Hardie says here below about
> the MUST have e2e
> security:
>
> - Law enforcement will not be able to protect us since the
> bad guys will find out who they are and kill them first,
>
> - The financial system will have to revert to personal
> contacts only and armored carriers for everything. Or do you
> trust personal banking and fund transfers through ISPs that
> do deep packet inspection?
>
> Is this the type of society our engineers feel comfortable to enable?
> Or is it our duty to explain these consequences to law makers?
>
> Thanks, Henry
>
>
>
> -----Original Message-----
> From: Ted Hardie [mailto:hardie at qualcomm.com]
> Sent: Saturday, November 10, 2007 8:11 PM
> To: Jonathan Rosenberg; Peterson, Jon
> Cc: IETF SIP List; Paul Kyzivat; Elwell,John; Dan Wing; Dean Willis
> Subject: Re: [Sip] media-security-requirements and lawful intercept
>
> At 12:00 PM -0500 11/10/07, Jonathan Rosenberg wrote:
> >
> >The customers of our protocols are the enterprises and service
> providers that deploy them.
>
> They may be among the customers of our protocols, but they
> are neither the only customers nor the most important ones.
> We build end-to-end protocols; in this case, one which
> enables person-to-person communications over extremely varied
> infrastructures. If we do not keep that in mind and deliver
> a protocol that enables that person-to-person communication
> to be secure, our reasoning for that protocol choice will not
> matter. We will have failed our main customer.
>
> Yes, the features may be rarely used, and many end-user
> customers may neither know nor care that they are even
> available. But there are customers who would use them if
> available, and there may well be more as the feature gets
> easier to use and the need more evident. If we do not build
> the system with *them* in mind, who will?
>
> You argue that LI will exist, like it or not. I don't think
> anyone here is blind to that reality. But there is a serious
> difference between designing a system which maximizes the
> security of its end users, knowing that there are mechanisms
> which may still compromise it, and designing a system to be
> palatable to those who intend to. There are increasing
> numbers of governments who treat any attempt to maintain
> personal privacy as thwarting their security interests,
> rather than seeing maintaining their citizens' privacy
> interests as part of their duty.
> I have no interest in making their bites at our privacy
> palatable, and I have no interest in pretending otherwise.
>
> Again, this is my personal view, and not meant in any way as
> disrespect to you,
>
> regards,
> Ted Hardie
>
>
>
>
>
>
> _______________________________________________
> Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol Use
> sip-implementors at cs.columbia.edu for questions on current sip
> Use sipping at ietf.org for new developments on the application of sip
>
>
> _______________________________________________
> Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol Use
> sip-implementors at cs.columbia.edu for questions on current sip
> Use sipping at ietf.org for new developments on the application of sip
>
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip