funsec mailing list archives

Re: And they intend to do this securely, how, exactly?


From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 27 Sep 2010 17:43:08 -0400

On Mon, Sep 27, 2010 at 4:29 PM, Dave Paris <dparis () w3works com> wrote:
On 9/27/2010 6:49 PM, Jeffrey Walton wrote:
On Mon, Sep 27, 2010 at 10:39 AM, <Valdis.Kletnieks () vt edu> wrote:
http://www.msnbc.msn.com/id/39379819/ns/technology_and_science-security/

When the rest of the world is using OpenSSL and SSH, how you gonna do this
securely?  (Yes, I know how to MITM an OpenSSL connection.  How do you design
a network service so Good Guys can do that but Bad Guys can't?)
I'd like to read the details on circumventing, side stepping, and
preventing the use of OpenSSL and friends. Based on the limited
abilities of politicians (the US is in two wars right now because
policy exceeded their ability to practice diplomacy), it can't be too
impressive.

In the end, it's more gestapo legislation that will be abused by the US
government.

It's a technical infeasibility that will never make it as legislation.
Between non-US software companies, open source projects that will flip
this their collective birds, and military use of crypto that would now
require backdoors, I have no fear of this becoming law.

From the provider side, the hardware capability to monitor and process
10Gb links (or faster) is prohibitively expensive.  It's not as though
Tier-1 providers are suddenly going to add taps into each 10G circuit,
just waiting for that tap to fail and take out a decent amount of capacity.
After 9/11, I attended a talk at the University of Maryland given by a
fellow who was higher up in the food chain and had something to do
with electronic evidence (his name escapes me now). He made it clear
that the FBI had collected terabytes of information and the bureau had
months of processing for all the data collected (his point was that
moving from the paper/wired world to the paperless/electronic world
changed nothing in the way the FBI did business).

It seems to me that US law enforcement already has most of what they
need, and are already accommodated by service providers.

So, let the politicians be idiots.  It's easier to tell who's completely
bereft of technical clue - and advisers - that way. (ok, so that's like
picking the lesser of evils, but still..)
In the United States, politicians are not held accountable for their
actions. They can be idiots all day long, or they can serve themselves
by legitimizing and legalizing bribes (i.e., PAC contributions), or
change legislation to accommodate those providing the bribes (for
example, the US financial industry).

Conceptually, Sparta had it right - they put their politicians on
trial when they left office. But unlike modern politicians, Spartan
politicians were held accountable.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

