On Sun, Mar 9, 2014 at 10:26 AM, Florian Weimer <f...@deneb.enyo.de> wrote:
> * Phillip Hallam-Baker: > > > But first, cite actual legal authority because I don't believe your > > interpretation of the law is remotely correct. > > § 8 Abs. 3 TKÜV: > > | Wenn der Verpflichtete die ihm zur Übermittlung anvertraute > | Telekommunikation netzseitig durch technische Maßnahmen gegen > | unbefugte Kenntnisnahme schützt, hat er die von ihm für diese > | Telekommunikation angewendeten Schutzvorkehrungen bei der an dem > | Übergabepunkt bereitzustellenden Überwachungskopie aufzuheben. [...] > > | If the obligated party [the organization to which these rules apply] > | uses technical measures at the network layer to protect submitted > | communications against unauthorized disclosure, it shall revert the > | protections on these communications for the surveillance copy > | provided at the handover interface. > > U.S. law is similar (47 U.S. Code § 1002 (b) (3), if that citation is > correct): > > | A telecommunications carrier shall not be responsible for > | decrypting, or ensuring the government's ability to decrypt, any > | communication encrypted by a subscriber or customer, unless the > | encryption was provided by the carrier and the carrier possesses the > | information necessary to decrypt the communication. > > If your ordinary resolver operator is a "carrier" is somewhat > questionable, but resolver operators generally comply with requests > for cleartext copies of traffic transitioning through their networks. > > I have no doubts that these operators will ask implementors to add the > necessary features to keep these capabilities--or they will just turn > on indiscriminate query logging. > We are not a carrier or an obligated party. The model where the carrier provides DNS resolution is bogus and obsolete for the reasons you cite. People are tired of being spied on without due process. Lets see some of the Abu Ghraib torturers facing criminal trial. -- Website: http://hallambaker.com/
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
