[112510] in cryptography@c2.net mail archive
Re: Death of antivirus software imminent
daemon@ATHENA.MIT.EDU (Alex Alten)
Sun Jan 6 11:53:58 2008
Date: Fri, 04 Jan 2008 15:19:52 -0800
To: "Leichter, Jerry" <leichter_jerrold@emc.com>
From: Alex Alten <alex@alten.org>
Cc: "Steven M. Bellovin" <smb@cs.columbia.edu>,dan@geer.org,
cryptography@metzdowd.com
In-Reply-To: <Pine.SOL.4.61.0801041740420.15241@mental>
At 05:47 PM 1/4/2008 -0500, Leichter, Jerry wrote:
>| ...Also, I hate to say this, we may need to also require that all
>| encrypted traffic allow inspection of their contents under proper
>| authority (CALEA essentially)....
>Why not just require that the senders of malign packets set the Evil Bit
>in their IP headers?
>
>How can you possibly require that encrypted traffic *generated by the
>attackers* will allow itself to be inspected?
You misunderstand me. We can for the most part easily identify encrypted
data, either it is using a standard like SSL or it is non-standard but can be
identified by data payload characteristics (i.e. random bits). If it is a
standard
(or even a defacto standard like Skype) we can require access under proper
authority. If it is not (or access under authority is refused), then just
simply
block or drop the packets, there's no need to inspect them.
- Alex
--
Alex Alten
alex@alten.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com