209 posts • joined Friday 11th January 2008 00:56 GMT
.cs? That was a problem in about 1985, when we had to handle some email addresses in JANET name order (firstname.lastname@example.org) and some in DNS name order (email@example.com).
But indeed ICANN is right - this stupid money-grab will lead to epic fails.
"Only the adult account holder will be able to change the filter settings."
So they have technology that can detect age from keystrokes do they? Given how many Aged Parents don't understand technology and leave passwords and crap to the kids, I really do wonder how it will work.
Worse: *anybody* can do that. The best trick is probably to generate a binary of an open source browser that happens to include some home-made CA certificates, post that binary on a juicy-looking free download site, sit back and wait. Also, at best, TLS only authenticates one end, even if the certificate is valid. The trust model for TLS is so broken that bad actors don't even need to worry about breaking the crypto.
Re: Beep beep
And today, I find myself agreeing with Don Jefe, unlike a few days ago on another matter. Impose Hollywood's and Big Pharma's view of IPR protection so we can sell more kiwi fruit, dead sheep and milk powder? There's a real risk the NZ government will take that deal. Beuh.
Re: Actual facts about the IETF
@Don Jefe: I call BS. What on earth makes you think that government pressure has substantial effects on the IETF? Please give chapter and verse. Of course engineers from vendors and operators participate in the IETF, which is why IETF standards actually relate to the real world. Again: educate yourself.
I do know exactly who steers the IETF. I mean I know them personally. I assure you that the quickest way to get shouted down in the IETF is to say "My company thinks...". And nobody is stupid enough to say "My government thinks..." because it would be greeted by raucous laughter.
Actual facts about the IETF
I think Mr Jefe should actually watch the video of the session at http://www.ietf.org/live/ or https://www.youtube.com/watch?v=oV71hhEpQ20. You can skip the first 22 minutes of routine reports.
And even read a few words about how the IETF actually works, for example starting at http://www.ietf.org/newcomers.html
Re: More to the point, let's fix the code
Yes, people in the IETF are *very* aware of the risk of crypto algorithms and implementations that have been suborned, but that is only one issue among many, and *all* the issues need to be dealt with. What we now know with great clarity is that if any attack on privacy is possible, it will be exploited, so every single one of them needs to be fixed. The risk of backdoors being exploited by bad actors was pointed out years ago:
" What this boils down to is that if effective tools for wiretapping exist, it is likely that they will be used as designed, for purposes legal in their jurisdiction, and also in ways they were not intended for, in ways that are not legal in that jurisdiction." (RFC2804, May 2000)
More to the point, let's fix the code
Signals intelligence agencies have been breaking codes for a hundred years now, and they aren't going to stop because TimBL says so. So the constructive approach is to fix the problem, by making the Internet surveillance-resistant. The IETF decided to do that for the protocols it specifies just yesterday, in Vancouver. What's the W3C doing to help?
Re: They have
> So who is right and who is wrong?
Apparently the Australians (and the Canadians) are more obedient to instructions from Washington than the Brits or the Kiwis. I don't think there's any sense in asking who's right, since the whole thing is founded on xenophobia anyway, and on fear of a rising economy while the West declines.
Why expect rationality?
Since this is all about paranoia, stereotyping, xenophobia, and political posturing, why would you expect any rational reason to be needed for anything?
Rationally, you are far safer from backdoors with Chinese kit, because their industry doesn't have the fifty years or so experience with modern signals intelligence that UKUSA companies have. PRISM didn't just happen by accident, did it?
Re: After all the sabre rattling....
Strangely enough, the revelation that routers from the main US vendors have been subverted makes the paranoia about Huawei more understandable: people who knew what was going on with Cisco and Juniper boxes (but weren't allowed to talk about it) would have good reason to suspect Huawei boxes, but couldn't say why, so they used rumour and innuendo.
You're right though - the Snowden revelations have levelled the playing field, and about time too.
Re: Europe should create its own Internet
We tried that. Didn't work out too well.
Re: Can you see where this is going?
"global body comprised of governments"? Who ever suggested that; even the ITU can't be described accurately as that. The suggestion always has been a multi-stakeholder body without governments having a deciding role - which to be fair to ICANN and the US Govt, is to a large extent what we have today. It just needs to be moved out of US jurisdiction, into a jurisdiction that properly recognises the status of non-governmental organisations.
I can't imagine, though, why anyone would think for a moment that divorcing ICANN and the US would break the 'net or stop the spooks, so I find the whole story very puzzling.
Re: Equal footing with Uncle Sam
That isn't quite the point. Nobody is naive enough to believe that smaller countries (economically speaking) can have as much influence as larger countries. The issue is that ICANN shouldn't function under the law and jurisdiction of any one country, because it shepherds resources for the whole world. It shouldn't function under the UN (i.e. ITU in this context) either, on the basis of past experience. It should be (and should always have been) based as a recognised NGO in a neutral country, not as a pseudo-non-profit in the US.
All of which has nothing to do with PRISM.
Snowden leaks of GCHQ methods HELPED STUPID TERRORISTS
The ones who aren't stupid, presumably the most effective ones, have surely known for years that Five Eyes were reading their traffic. If they didn't know it before Rumsfeld talked about "chatter in the system", they certainly knew it then. But I presume they already used strong cryptography long before.
Re: So ... UKUSA agreement cracking?
Nah. Canada, Australia and NZ have been part of it since 1942 or thereabouts, even though it wasn't actually signed until 1946. No cracks worth mentioning, I don't think.
www.nsa.gov sez "Due to the Government Shutdown, this site is not being updated." Maybe they aren't capturing any metadata then.
Re: Such a waste of time and paper.
Er, some people can hold two ideas in their head at once, like trying to reduce human impact on the climate *and* limit population growth. And there's a bit of a problem here, too: we know that family sizes get smaller as people get richer, so the people of Africa and Asia need to get richer and less polluting simultaneously. Put that in your pipe and don't smoke it.
Re: Boy, do I need to study business!!
The real confusion is calling Milo Minderbinder a "cook". What an insult - the man was a genius, and he was the mess officer, well placed to buy and sell eggs with other people's money.
Re: I did business with Huawei 10 years ago.
"I don't know who started the rumors ... ten years before any of the NSA spy stuff was confirmed."
ECHELON was already well known by then, and you can be sure that NSA and GCHQ were already busy suborning the Western vendors and carriers ten years ago; the Snowden revelations are pretty old news. So somebody suggested to somebody to suggest to somebody else that Huawei might be doing the same thing. Or that they should be, if they wanted to sell kit to the West.
Re: Watts is a traitor
Where did that come from? In any case, everything he is reported as saying makes complete sense.
Re: FCC: Stand your ground!
You say Verizon is trying to "monetize something which they don't own". That's not quite right. They're objecting to two rules - one that prevents them from arbitrarily blocking user access to content, and another that only allows them to perform traffic engineering for "reasonable" technical purposes. What they are trying to do is grab the right to have captive customers, which is a lot *worse* than simply opposing network neutrality by discriminating against some content.
"NSA and the UK's Government Communications Headquarters (GCHQ) have placed backdoors in popular encryption standards "
That is *not* what Bruce says. He says they have placed backdoors in *implementations* of the standards - in other words, they've got at the code.
That's why open source implementations of cryptography are the way to go; you can look for the backdoor yourself (assuming you have the right skills). What we have learned this week, which we really knew already, is that you can't trust an implementation of cryptography that's sold to you in a black box.
Re: Good (or not)
otoh they passed a security bill the other day that effectively makes the Prime Minister a one-man FISA court, so that the next time they want to spy on the likes of Kim Schmitz they can do so legally.
"(sadly) ,Nick Griffin was at Downing."
Of course. That's why the College coat of arms has a griffin segreant:
history of the Guardian
" history of the Guardian. It was formed and funded by "liberals" with the sole aim of..."
Huh? It was "formed" by the Manchester Guardian, founded in 1821, which had achieved national circulation (unlike *any* other paper from outside London), relocating to London and dropping the "Manchester". In 1821 it was indeed "liberalist" but that meant opposing government oppression such as the Peterloo Massacre. The founders were for democracy and free trade.
It was however the first British newspaper to print the word "fuck" after Kenneth Tynan used it on live TV.
Our country will be the very last
It's an odd assertion anyway, given the amount of IPv6 activity in the US.
Also, "over-engineering" is a pretty vague slur. At this point in history, IPv4 is horribly over-engineered (just look at how load balancing works, for example).
So, time to copy NZ?
Yet another reason why various countries are liable to copy the NZ legislation currently being rammed through Parliament with desperate techniques, to expose any application service provider perfectly legally to PRISM or Xkeyscore at the whim of the government.
Post anonymously? What's the point? They know anyway.
Very cool, but extra work for XKeyscore I'm afraid.
"Shame on the courts that allow them to get away with it."
Whaddya mean? The NZ courts have come out of this very well so far, zapping GCSB heavily over the Kim.com affair. That's exactly why the Key.govt is now zapping the law. I wouldn't be surprised to see a Human Rights Act case against the new law in due course, which would give the courts a second shot.
Also the story doesn't emphasise that if the bill passes it will be by one vote, and that vote comes from an MP widely regarded as a joke.
"Suggest you delete your post"
Because it's hot news that some versions of Java have security issues?
Really, this horse left the stable quite a while ago...
Re: Perhaps given the wording...
Given that there is no god, the second clause is also a given.
Re: The Civil Service at its best!
But once again, as with PRISM: what's the surprise? It was obvious from press stories months ago - maybe even here at Ye Vulture Central - that the centre was operated by Huawei itself. How come they're surprised?
I need an icon for head scratching.
Re: Not too much
Indeed. If you remember Clipper, key escrow, and all that, would you really expect them to be happy about putting strong asymmetric key cryptography into everybody's tablet and smartphone? Without that, confidentiality (aka privacy) is pretty much impossible.
Re: Only criminals have privacy
"It takes just a few minutes for criminals to set up encryption..."
I think you mean serious and organised groups. Amateur-hour crims and terrorists don't know or don't bother, so tend to get caught by surveillance states. The real concern has always been that the really dangerous ones will have unbreakable crypto, whatever the law says and whatever the sigint people do.
Not permissible and not appropriate
"Instead, the EWG recommends a paradigm shift whereby gTLD registration data is collected, validated and disclosed for permissible purposes only, with some data elements being accessible only to authenticated requestors that are then held accountable for appropriate use."
In other words, they want to allow people who register domains to be able to hide that fact from the public. I don't think that's appropriate and I don't think it should be permitted.
To say that again: who registered any domain name *must* be public information. Anything else will just help slimeballs and swindlers. (And providing such information to the public should just be part of the cost of doing business for the registries: quit moaning that whois costs money.)
It goes without saying that the IP address part of whois is equally vital.
Re: Express incredulity
I think we'd be talking about fibre taps leading off to very specialised passive bit snarfers, not NetFlow and the like. No science fiction there, and as another comment said, traffic sampling would help identify targets for more focussed snarfing where NetFlow might suffice.
Re: pretty pissed off
"the press are still pretty pissed off about their personal phone interceptions"
But are they surprised? I've assumed since about 1996 that my email has all been sucked up by some large machine somewhere; technology comes and goes, but the people who fought so hard against ready public access to cryptography had a reason for doing so back then, and what could it have been except a big electronic vacuum cleaner? Of course the same applied to phone records as soon as they went onto computers, decades ago.
Kudos to Mr Snowden, but, really, where's the surprise?
Good for them
Never thought I'd say it - good for the govt! The paranoid xenophobic nonsense about Huawei deserves to be ignored.
Re: Wrong direction
> Or just define a standard.
Exactly. Like it or not, there *will* be DRM for HTML5 content. Better an interoperable standard than random proprietary solutions. As long as it is an optional standard, of course.
The EFF should worry about applicability of DRM, not about its existence, which is a given.
How do you know that? Given that so many "Western" companies subcontract manufacturing to China (etc.), but pay for their R&D and ridiculous senior management salaries and bonuses at OECD rates, how do you know that Chinese companies aren't simply cheaper to run?
"by using the products these companies are pushing"
Indeed. Here are security companies saying it's all getting worse so you need more of our products. Actually, that's the wrong conclusion. The correct conclusion is that the current approach isn't working so we need something different. Putting gates across exits from the M25 doesn't prevent bank robberies in Central London. Perimeter defence doesn't work. Better designed banks prevent bank robberies. Better designed operating systems and applications prevent cyber attacks and privacy invasions.
People blame the network for, say, SQL injection attacks. Silliness.
Irrelevant Re: Totally Meaningless Study
"poll showed 78% of Americans believing that the Bible is either the actual or inspired Word of God." Startlingly irrelevant. The climate change argument is about whether the relationship between the Industrial Revolution and the currently observed rate of climate change is coincidence or cause and effect. And the present study claims to show that 97% of relevant scientists think it's cause and effect. What has the god delusion among the general population got to do with it?
You can certainly criticise the study's methodology, but comparing it with the Pew study is a category mistake.
Re: If they rolled out IPv6
Fortunately, IPv6 can help your privacy: RFC4941.
Re: Wow, what an ingenious fix!
It is really worth looking at the legal analysis just released (to coincide with a visit to NZ by no less than Eric Holder, Attorney General of the United States):
It repays careful study.
Re: Needs DRM
I agree, but with two provisos:
1. The default must of course be no DRM.
2. The DRM mechanism must allow *individuals* (or small groups) a low-cost low-hassle way to use it. That's because the way to destroy the various evil DRM empires is not to steal content - it's to allow creators to manage the sale of their own creations without needing a big bad bloodsucker to "help" them. That means a DRM system that anybody can use to protect their own stuff.
Re: Nobody is mentioning speccy five eyes
I think you'll find that NZ has been on board with UKUSA since about, oh, 1946, when NZ was part of the Melbourne Sigint Centre with UK and AU. [Source: UKUSA documents declassified in 2010.]
Re: "...digital copies of books should "deteriorate"..."
Why is it OK? It's plain stupid, but of course it serves the publishers' interests, not the authors', so that's what they would say, innit?
A flat rate price with a fair % added to the author's royalty is simpler and will not give anyone an incentive to hack the bitrot.
They'll be inventing hardback and paperback versions of ebooks next.
Re: He's not totally wrong
"the reputation I've built over the last 35 years protecting the enterprise is still worth something today. Ten years from now, who knows?"
I think the CFO will want you replaced by someone equally concerned about protecting the enterprise, which would include being ultra-cautious about trusting data to a fuzzy, vapourous 3rd party.
If the CFO doesn't want that, sell your shares after retirement, because they will become worthless.
Re: Here's How It Should Have Been Done
Unless I'm more confused than normal, the only way an IP packet with a spoofed source address can arrive is if the spoofer's ISP has not implemented RFC 2827 (ingress filtering), which has been best current practice since May 2000, updated by RFC 3704 in 2004. There is simply no excuse for the apparently large number of ISPs that don't do this; they are completely responsible for allowing this kind of DDOS.
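The ingress filtering the post above refers to (RFC 2827 / BCP 38) can be modelled in a few lines. The following is an added example, not the poster's code: it assumes a constructed table of customer prefixes per edge interface and checks each arriving packet's source address against the prefixes assigned to the interface it came in on, dropping anything outside them.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed prefix assignments: which source prefixes each customer-facing
# interface of an ISP edge router is allowed to originate. Anything else
# arriving on that interface carries a spoofed source address.
ALLOWED_PREFIXES: Dict[str, List[str]] = {
    "ge-0/0/1": ["203.0.113.0/24"],
    "ge-0/0/2": ["198.51.100.0/25", "2001:db8:1::/48"],
}

# Constructed packets as (ingress interface, source, destination).
SAMPLE_PACKETS: List[Tuple[str, str, str]] = [
    ("ge-0/0/1", "203.0.113.7", "192.0.2.10"),        # legitimate source
    ("ge-0/0/1", "192.0.2.55", "192.0.2.10"),         # spoofed: victim's net
    ("ge-0/0/2", "198.51.100.200", "192.0.2.10"),     # outside the /25
    ("ge-0/0/2", "2001:db8:1::42", "2001:db8:ff::1"),  # legitimate IPv6
]


def build_filter(table: Dict[str, List[str]]):
    """Parse the prefix table once into ip_network objects per interface."""
    return {iface: [ipaddress.ip_network(p) for p in prefixes]
            for iface, prefixes in table.items()}


def ingress_check(filter_table, iface: str, src: str) -> Tuple[bool, str]:
    """BCP 38 decision for one packet: (accept, reason)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False, "malformed source address"
    nets = filter_table.get(iface)
    if nets is None:
        return False, "unknown interface"      # fail closed
    if any(addr in n for n in nets):
        return True, "source within assigned prefix"
    return False, "spoofed source outside assigned prefix"


def filter_packets(table, packets):
    """Split packets into accepted and dropped lists with the reason attached."""
    ftab = build_filter(table)
    accepted, dropped = [], []
    for iface, src, dst in packets:
        ok, reason = ingress_check(ftab, iface, src)
        (accepted if ok else dropped).append((iface, src, dst, reason))
    return accepted, dropped


if __name__ == "__main__":
    acc, drop = filter_packets(ALLOWED_PREFIXES, SAMPLE_PACKETS)
    for row in drop:
        print("DROP", row)
```

RFC 3704 relaxes the strict per-interface check for multihomed customers (loose reverse-path checks); this example shows only the strict form.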