No Internet Wiretaps 3
Pig Hogger writes "It's official. The IETF has officially decided NOT to
" consider requirements for wiretapping " in protocols, says this
Wired.com
story.
Now that they won't touch it, does this means that the vendors will implement it themselves? If so, I can't wait to see the backstabbing and fumbling that will happen when they will try to keep their proprietary ways under wraps... What will we see, a CISCO wiretapping standard, which is thoroughly incompatible with the Lucent Bugging Protocol??? "
Nice abstract (Score:2)
The IETF has been asked to take a position on the inclusion into IETF standards-track documents of functionality designed to facilitate wiretapping.
This memo explains what the IETF thinks the question means, why its answer is "no", and what that answer means.
That's what I call "style".
Please moderate this post to zero points.
Useful Observations (Score:2)
The abstract makes these observations:
- Experience shows that tools designed for one purpose that are effective for another tend to be used for that other purpose too, no matter what its designers intended.
- Experience shows that if a vulnerability exists in a security system, it is likely that someone will take advantage of it sooner or later.
If only other protocol designers (e.g the DVD-CCA) would keep such things in mind when designing their products, instead of trying to legislate/litigate unintended uses and security breaches away after the fact, we might avoid a great deal of trouble. Weak security will usually be broken sooner or later. And for goodness' sake, don't sue your customers when they use your products in ways you didn't intend.