On 12/07/17 21:01, Kathleen Moriarty wrote:
> With no hat on...
>
> The difference with the WordPress & SMTP examples is that you know
> content will sit in plaintext on the servers, whereas with POTS, you
> need to wiretap to get the voice content. You only expect the log
> that the call transpired to exist with the service provider.
Sure, POTS != the web or SMTP, though 2804 specifically calls out pen-traces as being covered, so we're not only dealing with bulk call content.

But in any case the precise mechanisms used to get the pen-trace equivalent or the bulk content to the wiretapper as cleartext aren't really significant - whether that be via a carload of tapes, a fat pipe from the MTA or wordpress.com-like site to the wiretapper, or via a few KB-per-DH-private if the wiretapper already has the bulk ciphertext in hand. The crucial thing here is that the leak of the DH private values is needed to enable that ciphertext to be rendered as plain, and this proposed mechanism is how that part of the wiretap service would be enabled, and that's why these examples fit the 2804 definition.

Put another way - it doesn't matter if a traditional POTS wiretap is done via a conference call setup (frequently done) or by actually recording to a tape device as was done in the past. And just the same, it doesn't matter that the mail or web content is also available as plaintext to the leaker of the DH private value. All of those can be used to provide a wiretap service as per the 2804 definitions.

(In fact a wiretap based on leaking DH private values would be much more efficient for an entity that already has the capability to capture packets at lots of places on the Internet, but that's not that important in terms of whether the 2804 term is right or not.)

Does that help?

Cheers,
S.

>
> I'm still in a mode of listening to arguments, but wanted to point
> this out in case better examples emerged.
>
> Thanks,
> Kathleen
>
>
>> What is also true is that the draft being discussed is entirely
>> clearly usable for wiretapping in some applications that use TLS
>> according to the definition in 2804.
>>
>> S.
>>
>>
>>>
>>> Kyle
>>>
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls