On Fri, May 19, 2006 at 03:59:46AM -0400, Dan Mahoney, System Admin wrote:

> I can't speak for the british government, but if someone came to me and
> said "someone is using your SSL-enabled webmail system to traffic kiddie
> porn" and felt that somehow the easiest way to sniff their traffic was

I can't believe you have actually bought into this tripe about terrorists, and pedophiles. Consider it the new Godwin's law: if someone mentions pedophiles, terrorists and drug traffickers in order to justify wiretapping, that argument is automatically nil and void.

> with my private key (as opposed to just asking me to tap their spool
> dir, tar up their homedir, and gladly hand over any information
> associated with them), I'd be more than willing to cooperate. With

Are you running a Tor node? You should not be running a Tor node.

> probable cause. I know warrants are difficult, but I come from a law
> enforcement family.
>
> Sadly, the truth here is that if someone is using my server, then the
> fedgov HAS to act as if I am in on this, and will likely blow their
> investigation if they contact me -- at least this is how procedural rules
> are set up for them.

So basically I can use bogus pedophile and terrorist charges to shut down about anybody? No doubt that's terribly convenient for some people.

> I've investigated kiddie porn complaints on my network, and let me say
> this in total seriousness -- while we've all seen the maxim-like young
> looking models that are just recently 18 (hell, they advertise on regular
> cable here in the states)...every once in a while you come across a site
> like the ones in question that is so blatant, so disgusting -- where
> there's no question in your mind that yes, that's thirteen. Following

What has this to do with turning over your keys because somebody claims that children are being violated somewhere?

> that, there's a fit of nausea and a willingness to research some drug or
> amount of voltage that can remove the images you've just seen from your
> mind. I'm told the sensation is about ten times worse if you're a parent.

So, again, what has moral indignation to do with cooperating with people who you *know* would lie and bend the law to their advantage?

> With that said, however...
>
> There's nothing stopping governments from logging the traffic (possibly at
> a higher level, like the upstream level) and then getting a subpoena for
> whatever key was used to encrypt it.
>
> The PROBLEM with this method is that once the length of the warrant has
> expired, 99 percent of people out there DO NOT check CRL's. I myself am
> guilty of this. I.e. once the government HAS your key, they've got it for
> the lifetime of your cert -- and while you can certainly retire that cert
> from use, there's no way to prevent the now-compromised cert and key from
> being used creatively for the remainder of the validity period.
>
> Or am I wrong here?

Yes, you're being a good German here. Facilitating the totalitarian takeover, by cooperating instead of being difficult.

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE