On Wed, 13 Oct 1999, Steven M. Bellovin wrote:  

>< . . . . > 
> So -- how should the back door be installed?  In the protocol? In the
> telco endpoint?  Is it ethical for security people to work on
> something that lowers the security of the system?  Given that it's
> going to be done anyway, is it ethical to refrain, lest it be done
> incompetently?  
> 
>--
>Steve Bellovin 
>

Is it a given that IETF standard protocols will contain backdoors?  I
support the idea of bringing the issue before the IETF.  Surely the vast
majority will oppose weakening the protocols.  

The IAB security position paper (RFC 2316) seemed to come down on the side
of strengthening security in the Internet.  It may be a given that certain
types of _US_ communications equipment will permit easy wire-tapping, in
order to meet US federal requirements, but that is not the same thing as
jeopardizing the strength of international communications standards.

The IETF needs to stand up and do what's right on this.  Write the area
directors, the IAB, and the ISOC members and tell them what you think.
Attend a meeting and raise hell.  Too bad the next meeting is in the FBI's
backyard.

We must look like arrogant fools to the rest of the world for thinking
that the FBI is going to set global wiretapping standards.

I vote to make security protocols as strong as we can make them, given the
technology and the hassles over intellectual property, and bearing in mind
that there will always be trade-offs between security and speed, security
and ease-of-use, etc.  These are engineering issues.  





