[Patient] DOJ first on encryption services
Tony Rutkowski <tony@yaanatech.co.uk> Sun, 18 March 2018 11:20 UTC
Return-Path: <tony@yaanatech.co.uk>
X-Original-To: patient@ietfa.amsl.com
Delivered-To: patient@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 299781243FE for <patient@ietfa.amsl.com>; Sun, 18 Mar 2018 04:20:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i3lwhJ7DZUJt for <patient@ietfa.amsl.com>; Sun, 18 Mar 2018 04:20:09 -0700 (PDT)
Received: from uk-www1.yaanatech.uk (uk-www1.yaanatech.uk [46.20.116.155]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE19F1242F5 for <patient@ietf.org>; Sun, 18 Mar 2018 04:20:08 -0700 (PDT)
Received: from [192.168.1.53] (pool-70-106-194-121.clppva.fios.verizon.net [70.106.194.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by uk-www1.yaanatech.uk (Postfix) with ESMTPSA id B07C7540231; Sun, 18 Mar 2018 11:20:05 +0000 (GMT)
From: Tony Rutkowski <tony@yaanatech.co.uk>
Reply-To: tony@yaanatech.co.uk
To: Brian Witten <brian_witten@symantec.com>
Cc: "patient@ietf.org" <patient@ietf.org>
Organization: Yaana Limited
Message-ID: <02be9028-a8fd-f527-826b-5361de1470ce@yaanatech.co.uk>
Date: Sun, 18 Mar 2018 07:20:04 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/patient/PrOTW6YqyNf1RfsMZ_dxH0YV7pM>
Subject: [Patient] DOJ first on encryption services
X-BeenThere: patient@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Protecting against Attacks Tunneling In Encrypted Network Tunnels <patient.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/patient>, <mailto:patient-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/patient/>
List-Post: <mailto:patient@ietf.org>
List-Help: <mailto:patient-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/patient>, <mailto:patient-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Mar 2018 11:20:10 -0000
Hi Brian, https://www.justice.gov/usao-sdca/pr/chief-executive-and-four-associates-indicted-conspiring-global-drug-trafficker This action announced on Thursday by the US Attorney's office is a first. It suggests the US Feds will be going after companies who cater to the wrong customers with encryption services. It seems likely that most countries, providers, and enterprises will simply block or degrade TLS 1.3, QUIC, and other pervasive encryption protocols. However, there will always be outliers who will take the risk. This DOJ action (and likely clones elsewhere in the world) adds some greater risk to the equation when the provider fails to undertake due diligence on the uses being undertaken by the customers running TLS 1.3 and QUIC servers. Where the customer is using the technology to evade law enforcement, including DCMA strictures, the provider may find themselves complicit through criminal or civil proceedings. --tony ps. They probably will not come after those developing the standards, but then the IESG probably has sufficient liability insurance courtesy of ISOC to handle litigation costs and fines.
- Re: [Patient] DOJ first on encryption services Kathleen Moriarty
- Re: [Patient] DOJ first on encryption services Eric Rescorla
- Re: [Patient] DOJ first on encryption services Bret Jordan
- [Patient] DOJ first on encryption services Tony Rutkowski
- Re: [Patient] DOJ first on encryption services Diego R. Lopez
- Re: [Patient] DOJ first on encryption services Tony Rutkowski
- Re: [Patient] DOJ first on encryption services Tony Rutkowski
- Re: [Patient] DOJ first on encryption services Eric Rescorla
- Re: [Patient] DOJ first on encryption services Diego R. Lopez
- Re: [Patient] DOJ first on encryption services Tony Rutkowski
- Re: [Patient] DOJ first on encryption services Eric Rescorla
- Re: [Patient] DOJ first on encryption services Bret Jordan
- Re: [Patient] DOJ first on encryption services Eric Rescorla