Security over SONET/SDH

Phil Fagan philfagan at gmail.com
Wed Jun 26 01:20:28 UTC 2013


Well put Leo; defense-in-depth.
On Jun 25, 2013 6:57 PM, "Leo Bicknell" <bicknell at ufp.org> wrote:

>
> On Jun 25, 2013, at 6:34 PM, sam at wwcandt.com wrote:
>
> > I believe that if you encrypted your links sufficiently that it was
> > impossible to siphon the wanted data from your upstream the response would
> > be for the tapping to move down into your data center before the crypto.
> >
> > With CALEA requirements and the Patriot Act they could easily compel you
> > to give them a span port prior to the crypto.
>
> The value here isn't preventing <insert federal agency> from getting the
> data, as you point out there are multiple tools at their disposal, and they
> will likely compel data at some other point in the stack.  The value here
> is increasing the visibility of the tapping, making more people aware of
> how much is going on.  Forcing the tapping out of the shadows and into the
> light.
>
> For instance if my theory that some cables are being tapped at the landing
> station is correct, there are likely ISPs on this list right now that have
> transatlantic links /and do not know that they are being tapped/.  If the
> links were encrypted and they had to serve the ISP directly to get the
> unencrypted data or make them stop encrypting, that ISP would know their
> data was being tapped.
>
> It also has the potential to shift the legal proceedings to other courts.
>  The FISA court can approve tapping a foreign cable as it enters the
> country in near perfect, unchallengeable secrecy.  If encryption moved that
> to be a regular federal warrant under CALEA there would be a few more
> avenues for challenging the order legally.
>
> People can't challenge what they don't know about.
>
> --
>        Leo Bicknell - bicknell at ufp.org - CCIE 3440
>         PGP keys at http://www.ufp.org/~bicknell/
>



More information about the NANOG mailing list