Encryption of national/international information
Yahoo’s following Google’s example and will “encrypt all information that moves between our data centres by the end of Q1 2004”:
http://yahoo.tumblr.com/post/67373852814/our-commitment-to-protecting-your-i...
Would this be permitted in NZ?
--
Juha Saarinen
twitter: juhasaarinen
On 19/11/2013, at 3:23 pm, Juha Saarinen
Yahoo’s following Google’s example and will “encrypt all information that moves between our data centres by the end of Q1 2004” :
http://yahoo.tumblr.com/post/67373852814/our-commitment-to-protecting-your-i...
Would this be permitted in NZ?
Perhaps the question should be asked the other way around - "why wouldn't this be permitted?" Jay -- Jay Daley Chief Executive .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 931 6977 mobile: +64 21 678840 linkedin: www.linkedin.com/in/jaydaley
The interception doesn't need to be covert. Un-encrypted streams could be
supplied following receipt of the appropriate court order. Which I believe
is what was lacking in the case of the NSA scandal.
Thanks
Rob
(on the go...)
On 20/11/2013 7:46 AM, "Juha Saarinen"
Due to interception capabilities being required, perhaps? -- Juha Saarinen twitter: juhasaarinen http://twitter.com/juhasaarinen
On 20/11/2013, at 7:33 am, Jay Daley
wrote: Perhaps the question should be asked the other way around - "why wouldn't this be permitted?"
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
On 2013-11-19, at 13:50, Rob McDonald
The interception doesn't need to be covert. Un-encrypted streams could be supplied following receipt of the appropriate court order. Which I believe is what was lacking in the case of the NSA scandal.
With a small concentration of layer-2 (and lower) transport providers, you can also challenge the ease with which court-ordered taps are deployable by adjusting your expectations about how data could be intercepted.

For example, I think it's commonplace to assume that traffic carried between private networks over the public Internet deserves some protection; this is why people suffer the cost and inconvenience of VPNs. I think it's less common for people to assume that transport services below layer 3 are as vulnerable, which is quite arguably a mistake.

A single court order delivered to a metro ethernet provider could facilitate interception of traffic between many different networks if they all happen to use the same layer-2 transport. Treat those metro ethernet services as hostile and encrypt the traffic across them, and the same interception capability might involve many more court orders and considerably more infrastructure in order to tap the points on the path where the traffic runs in the clear.

Joe
On 20/11/2013 07:46, Juha Saarinen wrote:
Due to interception capabilities being required, perhaps?
That's exactly why the IETF decided many years ago not to consider wiretapping when writing standards (RFC 2804) and why the IETF is now busy looking for ways to make pervasive surveillance much harder (http://www.ietf.org/media/2013-11-07-internet-privacy-and-security). Brian
-- Juha Saarinen twitter: juhasaarinen On 20/11/2013, at 7:33 am, Jay Daley
wrote: Perhaps the question should be asked the other way around - "why wouldn't this be permitted?"
On 20/11/2013 07:46, Juha Saarinen wrote:
Due to interception capabilities being required, perhaps?
There's a quagmire there about who can be required to help intercept, under what legal process, and with what expectation of success. Personally I would prefer that was something for law enforcement lawyers to prove rather than for us to assume.
On 19/11/2013, at 3:53 pm, Brian E Carpenter
That's exactly why the IETF decided many years ago not to consider wiretapping when writing standards (RFC 2804) and why the IETF is now busy looking for ways to make pervasive surveillance much harder (http://www.ietf.org/media/2013-11-07-internet-privacy-and-security).
The phrase used this week by the Chair of the IETF is "Anything indistinguishable from an attack must be considered an attack". Which I took to mean that interception will be mitigated in the protocols regardless of whether or not it is "lawful" interception. Jay -- Jay Daley Chief Executive .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 931 6977 mobile: +64 21 678840 linkedin: www.linkedin.com/in/jaydaley
On Wed 20 Nov 2013 07:23:37 NZDT +1300, Juha Saarinen wrote:
Yahoo's following Google's example and will "encrypt all information that moves between our data centres
And why does any professional even pay attention to such news, other than to warn the public that they're being taken for a ride (again)? As long as their government can step in at any time and demand the decryption keys while also delivering a gigantic gagging order, the word "decryption" for any American company is basically worthless. Unless they wanted to persuade the public that their services are trust(shudder)worthy.

Volker
--
Volker Kuhlmann is list0570 with the domain in header. http://volker.dnsalias.net/ Please do not CC list postings to me.
participants (6)
- Brian E Carpenter
- Jay Daley
- Joe Abley
- Juha Saarinen
- Rob McDonald
- Volker Kuhlmann