From: Dean Willis <dean.willis <at> softarmor.com>
Subject: Re: [ietf-privacy] wrt tcpcrypt and obscrypt
Newsgroups: gmane.ietf.obscurity
Date: Wednesday 13th April 2011 04:58:14 UTC
On Apr 12, 2011, at 12:16 PM, [email protected] wrote:
>
> I don't think it is a trivial matter to have the IETF working on confidentiality & privacy by mandating strong
> encryption in Internet (global) standards. I suspect the intersection of national laws and technical standards
> is going to be a difficult road to walk, esp if there is a desire for a global standard.
>

We should perhaps focus on publishing technically correct standards with as
few security flaws and weaknesses as we can manage. Trying to decide
whether the specification can be legally implemented in Jurisdiction X, Y,
Z, and so on is an impossibly large problem.

In fact, it's possible to have conflicting legal imperatives: for example,
European laws on privacy protection might well conflict with Asian or North
American laws on interceptibility. I'm expecting IMAP/SSL and SMTP/TLS to
become illegal in India any day now, at least when used between mobiles
within the country and servers outside the country. But I don't think we'll
respond by deprecating either specification. If India wants to ban VPNs,
they can do that too. But at least the users will know that their privacy
is at risk and economic pressures can be brought (what multinational would
put up with this?) to end the ban.

But if we deliberately design security weaknesses into protocols (or
continue to tolerate and maintain known problems for which we have a
solution), we're arguably negligently responsible for a whole lot of
problems.

--
Dean Willis
 