On Fri, 19 Dec 2008, Eugen Leitl wrote:

Anyone familiar with legal requirements for ISP data retention and common off-the shelf lawful interception products, does going connectionless protocol like UDP make things more difficult for Mallory, and buys Alice/Bob a few years more time until this potential loophole is closed?

Connectionless protocols havent been an issue for Mallory for years. While i am no longer working in the core, when I left, there were already a half dozen tools widely distributed that could pull of reconstruction of just about any defined protocol, connectionless, connection, or multiflow/multiconnection. Lawful intercept requirements are still a debated topic, however, when I left most was being done under an FBI Patriot Letter. Once in a great while you'd see another agency, but FBI is the primary Mallory of concern today: Draw your own conclusions as to what they can/cant do with caution though. They now know when they dont know, and demand assistance. //Alif -- Yours, J.A. Terranson sysadmin_at_mfn.org 0xpgp_key_mgmt_is_broken-dont_bother "Never belong to any party, always oppose privileged classes and public plunderers, never lack sympathy with the poor, always remain devoted to the public welfare, never be satisfied with merely printing news, always be drastically independent, never be afraid to attack wrong, whether by predatory plutocracy or predatory poverty." Joseph Pulitzer 1907 Speech