Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Telecoms required to save logs of e-mail

From: David Farber <dave () farber net>
Date: Sat, 3 Dec 2005 06:44:12 -0500


Begin forwarded message:

From: Phil Karn <karn () ka9q net>
Date: December 2, 2005 9:44:53 PM EST
To: dave () farber net
Cc: ip () v2 listbox com
Subject: Re: [IP] Telecoms required to save logs of e-mail
BRUSSELS, Belgium—EU justice and interior ministers agreed Friday on plans that would require telecommunications companies to retain records of phone calls and e-mails for a minimum of six months for use in investigations of terrorism and other serious crimes. 

and Bob Franksten comments:
> Too bad reporters don't ask question such as whether the legislatures understand that you don’t need a phone company to make a phone call and you don’t need a PTT to send email.
Note that an ISP can easily log email even when a user runs his own SMTP server and/or delivers his own outbound mail. You just record all the raw packets to port 25.
On the other hand, the SMTP STARTTLS (start transport layer security) command is getting pretty common these days, as most MTA senders will now use it automatically whenever the receiving MTA advertises support for it. Receiver support is not the default because it requires a X.509 certificate, but some installation scripts (e.g., Debian Linux) automatically generate and install a self-signed certificate if required.
Even much of my incoming spam comes in with STARTTLS these days. I figure that should make traffic analysis just a little more difficult.
When a SMTP session uses STARTTLS, only the IP addresses of the MTAs are visible to a passive wiretap at the ISP. Because self-signed certificates are so common, however, an active man-in-the-middle attack would probably work in most cases. Clearly we need certificate caching like that implemented in SSH.
Under Friday's deal, investigators will be able to view logs of phone calls and e-mail messages, but it does not allow them to view content of the messages.
That implies that only headers need be logged, so PGP or S/MIME by itself (without STARTTLS) provide no protection at all as they both leave all email headers in the clear. 




-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: