Re: IPSec IP Telephony:End to End or Segment

Steve Bellovin writes:
> CALEA does not prohibit end-to-end encryption, nor does it mandate any
> form of key escrow.  


> If the communicating parties set
> up their own session, say via something like PGPphone, CALEA doesn't
> apply.  (Rather, the obligation on the carrier would be to turn over
> the ciphertext, and let Ft. Meade figure it out.)

Right, but my point is that the FBI and their friends in domestic 
surveillance will (presumably) demand from the U.S. Congress the same 
access to useful plaintext voice call content -- with proper 
authorization -- they already have in the PSTN.  I don't expect the 
Atty. General and Dir. FBI to say "oh well, I guess we can't tap 
any more phone calls in transit" without a big fight. 
This is what I meant when I referred to "CALEA-style" intercepts in 
my previous message.  I'm trying to anticipate the next generation of 
CALEA-like legislation.

I don't know what Congress might mandate as a remedy, but generally 
I expect they would/will try to meet the "legitimate needs of law 
enforcement" in this matter.  I'm concerned that they may regulate 
end-user software and dedicated hardware, and/or try to inject key 
escrow (GAK) into IP telephony protocols.  [There's a stub section 
for key escrow support in the most recent draft I've seen of H.235, 
the ITU-T draft recommendation on "Security and Encryption for H 
Series (H.323 and other H.245 based) multimedia terminals".  It's 
labelled For Future Study in the 25 Feb 1998 draft.]