I would like to add another law enforcement perspective with two usage scenarios to what Ted Hardie says here below about the MUST have e2e security:
- Law enforcement will not be able to protect us since the bad guys will find out who they are and kill them first, - The financial system will have to revert to personal contacts only and armored carriers for everything. Or do you trust personal banking and fund transfers through ISPs that do deep packet inspection? Is this the type of society our engineers feel comfortable to enable? Or is it our duty to explain these consequences to law makers? Thanks, Henry -----Original Message----- From: Ted Hardie [mailto:[EMAIL PROTECTED] Sent: Saturday, November 10, 2007 8:11 PM To: Jonathan Rosenberg; Peterson, Jon Cc: IETF SIP List; Paul Kyzivat; Elwell,John; Dan Wing; Dean Willis Subject: Re: [Sip] media-security-requirements and lawful intercept At 12:00 PM -0500 11/10/07, Jonathan Rosenberg wrote: > >The customers of our protocols are the enterprises and service providers that deploy them. They may be among the customers of our protocols, but they are neither the only customers nor the most important ones. We build end-to-end protocols; in this case, one which enables person-to-person communications over extremely varied infrastructures. If we do not keep that in mind and deliver a protocol that enables that person-to-person communication to be secure, our reasoning for that protocol choice will not matter. We will have failed our main customer. Yes, the features may be rarely used, and many end-user customers may neither know nor care that they are even available. But there are customers who would use them if available, and there may well be more as the feature gets easier to use and the need more evident. If we do not build the system with *them* in mind, who will? You argue that LI will exist, like it or not. I don't think anyone here is blind to that reality. But there is a serious difference between designing a system which maximizes the security of its end users, knowing that there are mechanisms which may still compromise it, and designing a system to be palatable to those who intend to. There are increasing numbers of governments who treat any attempt to maintain personal privacy as thwarting their security interests, rather than seeing maintaining their citizens' privacy interests as part of their duty. I have no interest in making their bites at our privacy palatable, and I have no interest in pretending otherwise. Again, this is my personal view, and not meant in any way as disrespect to you, regards, Ted Hardie _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
