Re: [perpass] India withdraws encryption policy - Re: India posed to require cleartext, cleartext retention, cipher and backdoor mandates
Eric Burger <eburger@standardstrack.com> Tue, 22 September 2015 11:58 UTC
Return-Path: <eburger@standardstrack.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBA911A6EF9 for <perpass@ietfa.amsl.com>; Tue, 22 Sep 2015 04:58:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.011
X-Spam-Level:
X-Spam-Status: No, score=-1.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_NEUTRAL=0.779, T_DKIM_INVALID=0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nY1j_cVjGKm6 for <perpass@ietfa.amsl.com>; Tue, 22 Sep 2015 04:58:15 -0700 (PDT)
Received: from biz104.inmotionhosting.com (biz104.inmotionhosting.com [74.124.215.108]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40EE31A6EDE for <perpass@ietf.org>; Tue, 22 Sep 2015 04:58:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=standardstrack.com; s=default; h=Content-Type:MIME-Version:To:From:Message-ID:Subject:Date; bh=G8IP9tBZwnunL6FKIUI23P6kCH739AV74HUxzYcXWYQ=; b=P9uEgy48WoIdigOJzkklMWDCVoFbSKo/+pbBS5/Uw5FyaV70jOsFhKeCKwU80sfFmLN0YZgVLFvSXKimcToAz/neKFaJ4XzSdEotfXyS6xaAZsmOsfE6xeoUSNRnq7Ua/mJjjN0Yk8d5a7vtYVo/qVgSqp4e3/rT023cSozQ7I0=;
Received: from 122.sub-70-192-198.myvzw.com ([70.192.198.122]:6391 helo=[100.77.108.11]) by biz104.inmotionhosting.com with esmtpsa (TLSv1:RC4-SHA:128) (Exim 4.85) (envelope-from <eburger@standardstrack.com>) id 1ZeMD0-0005by-Vn for perpass@ietf.org; Tue, 22 Sep 2015 04:58:14 -0700
Date: Tue, 22 Sep 2015 07:58:04 -0400
Message-ID: <sc3qdtbj9pkoaal3k56vaqxj.1442923084395@email.android.com>
Importance: normal
From: Eric Burger <eburger@standardstrack.com>
To: perpass <perpass@ietf.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="--_com.android.email_3206973088857840"
X-OutGoing-Spam-Status: No, score=-2.9
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - biz104.inmotionhosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - standardstrack.com
X-Get-Message-Sender-Via: biz104.inmotionhosting.com: authenticated_id: eburger+standardstrack.com/only user confirmed/virtual account not confirmed
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/4idh0qFKe3oRlHz0Z5ZDWVbgDqs>
Subject: Re: [perpass] India withdraws encryption policy - Re: India posed to require cleartext, cleartext retention, cipher and backdoor mandates
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Sep 2015 11:58:17 -0000
I also would not rest easy. They came up with a potential model to have secure encryption and no security. Sure - you can have strong, back doorless encryption. You just cannot store the information securely
Sent from my mobile device. Thanks be to LEMONADE: http://www.standardstrack.com/ietf/lemonade
-------- Original message --------
From: Joseph Lorenzo Hall <joe@cdt.org>
Date: 09/22/2015 7:49 AM (GMT-05:00)
To: Dan York <york@isoc.org>
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] India withdraws encryption policy - Re: India posed to require cleartext, cleartext retention, cipher and backdoor mandates
I'm not so sure we should take comfort in their withdrawal of the policy as all reports are that they are revising and reissuing... We'll see what the next iteration involves!
On Tuesday, September 22, 2015, Dan York <york@isoc.org> wrote:
There was a significant amount of public outcry yesterday within India and the latest news is that the government of India is apparently withdrawing the draft policy:
http://timesofindia.indiatimes.com/tech/tech-news/Government-withdraws-draft-of-encryption-policy/articleshow/49057232.cms
Prior to that the government agency involved had already issued an update saying that the draft policy would NOT apply to TLS in web commerce and social media, messaging, etc. The update document seems to have been removed, but is captured here
by a news site:
http://www.medianama.com/2015/09/223-india-draft-encryption-policy/
Dan
On Sep 21, 2015, at 1:07 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
Sheesh, there is so much wrong in that document. And they
top it off by recommending RC4.
Does anyone know if this is a policy that is likely to be
enforced or one that'd be more honoured in the breach?
S.
On 21/09/15 17:45, Joseph Lorenzo Hall wrote:
Obviously, of relevance to those that will be at the IAB MARNEW
workshop this week (although this isn't in any way specific to radio
networks).
* Everyone (all individuals and businesses) using encryption must
store unencrypted content for 90 days
* Government will dictate algorithms and key sizes
* Possibility of a legally mandated backdoor
Article from Daily Dot:
http://www.dailydot.com/politics/india-encryption-backdoors-draft-policy/
Text of the proposal (comments due 16 Oct.):
https://info.publicintelligence.net/IN-DraftEncryptionPolicy.pdf
_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass
--
Dan York
Senior Content Strategist, Internet Society
york@isoc.org +1-802-735-1624
Jabber: york@jabber.isoc.org
Skype: danyork http://twitter.com/danyork
http://www.internetsociety.org/
--
Joseph Lorenzo HallChief TechnologistCenter for Democracy & Technology1634 I ST NW STE 1100Washington DC 20006-4011 (p) 202-407-8825(f) 202-637-0968joe@cdt.orgPGP: https://josephhall.org/gpg-keyfingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871