Paul, > I think we can envisage that the proposed regime could be made to work by > issuing content providers > with Technical Capability Notices that would require the content provider to > create asecure channel for > access to the clear text, similar to how secure OOB can be enabled for > remote users. Traditional AAA > mechanisms could be used to ensure that access is secure, logged and audited > to ensure all accesses > have been duly authorised.
I agree that this is probably one way it might work, but my problem is that the endpoint for this "secure" channel is not hidden in the carrier or CSPs network. It needs to be accessible by the service provider and LEA, and hence is open to the internet. It would only be a matter of time before that is exploited. Chris _______________________________________________ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog
