SRv6

Łukasz Bromirski lukasz at bromirski.net
Mon Sep 21 07:38:13 UTC 2020


Mark,

> On 20 Sep 2020, at 13:02, Mark Tinka <mark.tinka at seacom.com> wrote:
> 
> 
> 
> On 19/Sep/20 22:53, Valdis Kl ē tnieks wrote:
> 
>> Are there any actual countries heading that way?  Seems like most of them insist
>> they have the ability to snoop unencrypted traffic (where "crypto that has a baked-in
>> back door" counts as unencrypted).
> 
> Let's not give them a reason.
> 
> The most I've heard (from Africa) is countries making requirements for nominated information to not be stored outside of the country, especially in the U.S, and parts of Europe. To some extent, this has pushed many of the cloud bags to become present in Africa so they can comply, although I'm not sure even sleeping with one eye open counts as being safe in that respect.

I believe right now the only country in the world with enforcing of crypto backdoors is Australia[1], which is kind-of crazy. OTOH, they had their own set of problems with massive Chinese intelligence penetration.

And we have couple of countries like Russia, obviously China, Turkey(?) that insist or either having your data locally, dear content provider, or forbid your service to operate at all in given country. Apple, Amazon, Microsoft and Google of this world are on a different level of compliance here. As far as I know, in most of EU countries, inspecting payload of customer traffic is explicitly forbidden by telco laws.

Ah, and there’s cooperation between US and EU about exchanging citizen data, which recently was stopped by EU once it become obvious, US was abusing that cooperation[2]. That can help potential malicious SP to cross-check and correlate user to content across continents.

We’re living in interesting times.

[1]. https://www.cyberscoop.com/australia-encryption-backdoors-law-passes/

[2]. https://www.wsj.com/articles/eus-top-court-restricts-personal-data-transfers-to-u-s-citing-surveillance-concerns-11594888385

-- 
Łukasz Bromirski
CCIE R&S/SP #15929, CCDE #2012::17, PGP Key ID: 0xFD077F6A


More information about the NANOG mailing list