[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Raven] Q#1 protocol security

To: raven@ietf.org
Subject: [Raven] Q#1 protocol security
From: William Allen Simpson <wsimpson@greendragon.com>
Date: Tue, 12 Oct 1999 16:01:32 -0400
In-Reply-To: <199910111947.PAA13236@ietf.org>
List-Id: Raven Discussion List <raven.ietf.org>
Sender: raven-admin@ietf.org

>  "should the IETF develop new protocols or modify existing protocols 
>  to support mechanisms whose primary purpose is to support wiretapping 
>  or other law enforcement activities" 
>
Under pressure from the US government and large vendors, the IETF has 
already developed protocols that support such mechanisms.

The IETF has issued a Proposed Standard (RFC-2451) that makes 40-bit keying 
mandatory to implement.  This supports easy wiretapping.

The main mode of the IKE/ISAKMP protocol sponsored by the US NSA has 
as one of its principle features that the identity of the parties is revealed.  
This supports the trap-and-trace and stream selection capabilities.

In contrast, Photuris has a mandatory to implement design feature that 
masks the party identities, the algorithms employed, and other details, 
making it more difficult to select streams of information for analysis.

Is it any wonder that US vendors implement IKE/ISAKMP, but others
implement Photuris?

It is my position that the IETF should only develop protocols that inhibit
wiretapping and other activities that harm individual privacy and security.




_______________________________________________
raven mailing list
raven@ietf.org
http://www.ietf.org/mailman/listinfo/raven

References:
- [Raven] The IETF's position on technology to support legal intercept
  - From: The IESG <iesg-secretary@ietf.org>

Prev by Date: [Raven] A Vote for Practicality
Next by Date: [Raven] Q#2: informational
Previous by thread: [Raven] The IETF's position on technology to support legal intercept
Next by thread: [Raven] Q#2: informational
Index(es):
- Date
- Thread