Re: Email tapping by ISPs, forwarder addresses, and crypto proxies

21 Jul 2004

      Variola wrote...

Dark fiber.

"Dark Fiber" ain't a talisman you merely wave at data to get it to magically 
move to where you want it to.You've got to LIGHT that fiber, and to light 
that fiber you need LOTS and LOTS of power-hungry, space-occupying 
equipment. In other words, you'd need to duplicate a significant fraction of 
the current public transport network. And that can't be done in one 
location, you'd need this shadow network to have either it's own COs all 
over the country, or to have significant POPs in practically every CO in the 
country. And I can tell you unequivocally that neither are the case.

What this points to is CALEA + Grooming + Massive Optical Transport for 
offline sifting in a few centralized locations. And I strongly suspect that 
the recent GIG-BE contract is precisely the massive optical part.

What I get from what you've pointed out, however, is that processing power 
isn't the limitation any longer. If they COULD get it ALL, then they 
probably would. So perhaps that's just a matter of time (ULH systems can 
move lots of traffic very long distances these days, with only the 
occasional optical amplifier.)

-TD
...
From: "Major Variola (ret)" <mv@cdc.gov>
To: "cypherpunks@al-qaeda.net" <cypherpunks@al-qaeda.net>
Subject: Re: Email tapping by ISPs, forwarder addresses, and crypto  
proxies
Date: Tue, 20 Jul 2004 21:00:49 -0700
At 10:12 AM 7/19/04 -0400, Tyler Durden wrote:
...
"Gimme an intel IXA network processor and no problem.  ATM is fixed
size data, not as tricky as IP decoding.  Predicatable bandwidth.
Stream all into megadisks, analyze later."
I'm gonna have to challenge this bit here, Variola.
Please.  Truth requires skepticism.  Be bold.
...
Let's back up. You've got an OC-48 or OC-192 fiber and you want to grab
ALL
of the data in this fiber. Now I'll grant that in real life there's
going to
be a lot telephony circuit in there, but let's take a worst-case and
assume
you need ALL the data.
As cryptographers, we must assume this.
...
What's in this OC-192? Right now it definitely ain't 10Gb/s of packets.
It's
going to have LOTS of DS1s, DS3s and, if you're lucky, and STS-3c or
two. So
you'll need to first of all demux ALL of the tributaries.
And how much *dark fiber* is there?  Lots and lots, thanks to irrational
exuberance.   Guess what?  SiO2 doesn't care which direction the beam
is pumped into.
...
Next, you've got to un-map any ATM in each of the DS1s, etc, and then
pull
out the IP data from the ATM cells, remembering to reassemble
fragmented
packets (and there will be plenty with ATM). And remember, you may have
to
do this for 5000 simultaneous DS1s.
Yawn.
You underestimate the Adversary.  Never ever do that.  Isn't there some
chink who wrote that?
...
Oh, and let's not forget pointer
adjustments.
Oh no, not pointers!  What next, MPLS?
...
And that's just one fiber. How will you actually get all of this
traffic
back to HQ? Remember, it keeps coming and won't stop.
Dark fiber.
...
No, I think I'm becomming convinced that they can't yet get ALL of it.
Enjoy your childhood while it lasts.  Its a beautiful time.
_________________________________________________________________
Dont just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

Tyler Durden

tags

participants (1)