[IP] Telecoms required to save logs of e-mail

Phil Karn karn at ka9q.net
Fri Dec 2 09:44:53 PST 2005


>BRUSSELS, Belgium -- EU justice and interior ministers agreed Friday
>on plans that would require telecommunications companies to retain
>records of phone calls and e-mails for a minimum of six months for
>use in investigations of terrorism and other serious crimes.

and Bob Franksten comments:
 > Too bad reporters don't ask questions such as whether the
 > legislatures understand that you don't need a phone company to make a
 > phone call and you don't need a PTT to send email.

Note that an ISP can easily log email even when a user runs his own
SMTP server and/or delivers his own outbound mail. You just record
all the raw packets to port 25.

On the other hand, the SMTP STARTTLS (start transport layer security)
command is getting pretty common these days, as most MTA senders will
now use it automatically whenever the receiving MTA advertises
support for it. Receiver support is not the default because it
requires an X.509 certificate, but some installation scripts (e.g.,
Debian Linux) automatically generate and install a self-signed
certificate if required.

Even much of my incoming spam comes in with STARTTLS these days. I
figure that should make traffic analysis just a little more difficult.

When an SMTP session uses STARTTLS, only the IP addresses of the MTAs
are visible to a passive wiretap at the ISP. Because self-signed
certificates are so common, however, an active man-in-the-middle
attack would probably work in most cases. Clearly we need certificate
caching like that implemented in SSH.

>Under Friday's deal, investigators will be able to view logs of
>phone calls and e-mail messages, but it does not allow them to view
>content of the messages.

That implies that only headers need be logged, so PGP or S/MIME by
itself (without STARTTLS) provides no protection at all as they both
leave all email headers in the clear.





----- End forwarded message -----
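
The "certificate caching like that implemented in SSH" that the message calls for can be sketched as a trust-on-first-use pin store for MTA certificates. This is an added example, not code from the original post or from any MTA; the names `fetch_mta_cert` and `PinStore` and the JSON pin file are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os
import smtplib
import ssl


def fetch_mta_cert(host, port=25, timeout=10):
    """Return the DER certificate an MTA presents after STARTTLS."""
    ctx = ssl.create_default_context()
    # Self-signed certificates are expected, so CA validation is switched off;
    # the pin comparison below is what authenticates the peer.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        smtp.starttls(context=ctx)  # raises if STARTTLS is not advertised
        return smtp.sock.getpeercert(binary_form=True)


class PinStore:
    """known_hosts-style cache: MTA hostname -> SHA-256 of its certificate."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def check(self, host, der_cert):
        """Return 'new', 'match' or 'mismatch' for the certificate seen now."""
        host = host.lower().rstrip(".")
        seen = hashlib.sha256(der_cert).hexdigest()
        pinned = self.pins.get(host)
        if pinned is None:
            # First contact: nothing to compare against, so trust and record.
            self.pins[host] = seen
            with open(self.path, "w") as f:
                json.dump(self.pins, f, indent=1, sort_keys=True)
            return "new"
        # A changed certificate is either a key rollover or an active
        # man-in-the-middle; the caller should defer delivery and alert.
        return "match" if hmac.compare_digest(pinned, seen) else "mismatch"
```

As with SSH, the first connection to a given MTA is unauthenticated; the cache only detects a certificate that changes afterwards.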