Re: IP: IETF considers building wiretapping into the Internet

[Peter Gutmann]

"Steven M. Bellovin" <[EMAIL PROTECTED]> writes:

>So -- how should the back door be installed?  In the protocol? In the telco
>endpoint?  Is it ethical for security people to work on something that lowers
>the security of the system?  Given that it's going to be done anyway, is it
>ethical to refrain, lest it be done incompetently?

Why not refrain in the *expectation* that it'll be done incompetently?  If
previous efforts along these lines (Clipper, TACDFIPSFKMI) are anything to go
by then:

  - The design and planning process alone will cost enough that it'll be a
    severe problem.
  - It'll take years to complete.
  - It'll be unworkable when it's done.
  - Throughout the entire process, it'll be a magnet for criticism from
    privacy advocates, the IT industry, telco's, left-wingers, right_wingers, 
        ...

If they want to play big brother, why not give them more than enough rope, 
point at a conveniently-placed tree limb if necessary, and then stand back?

(Since this is a mostly political debate, it's probably better to continue it 
 on the Raven list, http://www.ietf.org/mailman/listinfo/raven).

Peter.