Thus far law enforcement outside the US have arrested and
prosecuted
considerably more suspected Internet criminals than the US.
This may come as a surprise to you, but the rest of the world is
actually larger than the US. (Oh wait, there I go with that dreaded
sarcasm. Sorry.)
The number of arrests per capita and the toital number of arrests in
several countries outstrips the US.
The idea that only the US is interested in Internet law enforcement is
untrue as the FBI and Secret Service will both be only too happy to
confirm.
Steve's implication that the situation is hopeless is simply wrong.
???
How can you secure a communication channel against crime in general?
Accountability.
They did it for the telephone system in the 1920s - the term phony
appears in the English language in 1900 when the telephone started to
spread. [The alternative etymology in certain editions of Webster via
Fawney appears to be unsupported guesswork]
We can do it for the Intetnet.
If you expect the IETF to stop pensioner savings stealing, you're
setting yourself up for a big disappointment.
I expect that whatever body leads Internet standards making will be
doing all it can to stop Internet criminals from stealing pensioners
life savings.
SSL is far from perfect, but I wouldn't say it's shelfware.
It allows
consenting hosts to secure themselves against men in the middle and
eavesdroppers without aid from the network. E2e in its purest form,
I'd say.
Actually it's a transport layer security mechanism. It does not provide
end to end integrity guarantees, non-repudiation or any of the other
silly requirements I and others tried to impose on the HTTP security
mechanism in the mid 90s.
More email is encrypted using SSL than any other technique. But it is
only transport encryption, the message is en-clair on the mail server
and is decrypted and re-encrypted for every message hop.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf