[AusNOG] (Meta-)Data Retention

Matt Palmer mpalmer at hezmatt.org
Tue Aug 5 15:47:14 EST 2014


On Tue, Aug 05, 2014 at 02:03:22PM +1000, Jeremy Visser wrote:
> On 5 Aug 2014, at 10:57, Skeeve Stevens wrote:
> > I'd love the government to try to intercept VPNs - watch businesses
> > lose their minds if that happens.
> 
> As both a carrier and a business IT services provider, which hat do I wear
> when the feds show up?
> 
> (a) “Here’s a packet capture of this client’s encrypted VPN traffic. Good
> luck decrypting that — we’re only a carrier.”
> 
> (b) “Sure I have access to their router. Let me log on, grab the private
> keys, and decrypt the VPN for you.”

If you're not enabling perfect forward secrecy on everything, or pushing
customers to upgrade to equipment on which PFS can be enabled, you're being
derelict in your duty to your customers.  At which point, you shrug, hand
over the keys, and say "go for your life, copper".  Won't do 'em any good.

- Matt

-- 
I really didn't foresee the Internet.  But then, neither did the computer
industry.  Not that that tells us very much of course -- the computer
industry didn't even foresee that the century was going to end.
		-- Douglas Adams
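
The forward-secrecy property the reply above relies on, as an added example that is not part of the original thread: a recorded session is replayed against a later-disclosed long-term private key, once for static RSA key transport and once for ephemeral Diffie-Hellman. All keys and group parameters are constructed toy values of insecure size, and the function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy long-term RSA key built from Mersenne primes (insecure size).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # long-term private exponent, later disclosed

# Constructed toy Diffie-Hellman group (insecure size).
DH_P, DH_G = 2**127 - 1, 3


def static_rsa_session():
    """No PFS: the client encrypts the session secret to the long-term key."""
    secret = secrets.randbelow(N - 2) + 2
    return secret, {"encrypted_secret": pow(secret, E, N)}


def ephemeral_dh_session():
    """PFS: throwaway exponents make the secret; the long-term key only signs."""
    a = secrets.randbelow(DH_P - 3) + 2
    b = secrets.randbelow(DH_P - 3) + 2
    ga, gb = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    digest = hashlib.sha256(f"{ga}:{gb}".encode()).digest()
    signature = pow(int.from_bytes(digest, "big") % N, D, N)
    secret = pow(gb, a, DH_P)  # equals pow(ga, b, DH_P) on the other side
    # a and b are discarded on return; only the values below cross the wire.
    return secret, {"ga": ga, "gb": gb, "signature": signature}


def candidates_from_disclosed_key(capture, d=D):
    """Apply the disclosed private exponent to every value in a recorded capture."""
    return {pow(value, d, N) for value in capture.values()}


def session_recoverable(make_session):
    """True if a stored capture plus the disclosed key yields the session secret."""
    secret, capture = make_session()
    return secret in candidates_from_disclosed_key(capture)


if __name__ == "__main__":
    print("static RSA key transport:", session_recoverable(static_rsa_session))
    print("ephemeral Diffie-Hellman:", session_recoverable(ephemeral_dh_session))
```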


