[5897] in cryptography@c2.net mail archive
Re: IP: IETF considers building wiretapping into the Internet
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed Oct 13 16:49:03 1999
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@c2.net
Reply-To: pgut001@cs.auckland.ac.nz
X-Charge-To: pgut001
Date: Thu, 14 Oct 1999 09:02:33 (NZDT)
Message-ID: <93984495317296@cs26.cs.auckland.ac.nz>
"Steven M. Bellovin" <smb@research.att.com> writes:
>So -- how should the back door be installed? In the protocol? In the telco
>endpoint? Is it ethical for security people to work on something that lowers
>the security of the system? Given that it's going to be done anyway, is it
>ethical to refrain, lest it be done incompetently?
Why not refrain in the *expectation* that it'll be done incompetently? If
previous efforts along these lines (Clipper, TACDFIPSFKMI) are anything to go
by then:
- The design and planning process alone will cost enough that it'll be a
severe problem.
- It'll take years to complete.
- It'll be unworkable when it's done.
- Throughout the entire process, it'll be a magnet for criticism from
privacy advocates, the IT industry, telco's, left-wingers, right_wingers,
...
If they want to play big brother, why not give them more than enough rope,
point at a conveniently-placed tree limb if necessary, and then stand back?
(Since this is a mostly political debate, it's probably better to continue it
on the Raven list, http://www.ietf.org/mailman/listinfo/raven).
Peter.
