
Comment Re:Just Encrypt. (Score 1) 143

The problem isn't in getting people to encrypt when sending e-mail or other point to point communications, the problem is in everything else we do. Notice that slashdot.org is not offered over a secure channel. (No https)

I do have https available for my primary domain but I didn't offer that to my customers except at additional cost. When was the last time you did random browsing using Secure Sockets instead of HTTP?

Personally I use SSH for all interactive connections and file transfers, but that doesn't help me when I'm reading news, or surfing the web.

The big win in the decision to not include wiretap-friendly additions to IPv6 is that we don't have to worry about things such as "has this been recorded yet?" and "User level sender authentication." Think of a protocol where each packet had a "Law enforcement has copy" flag and that flag was a cryptographic checksum of the contents of the packet plus some enforcement "cookie". When that packet arrives at a "tap" point it would be recorded and the field filled in. If the field is not properly set, the packet is first sent to a "tap point" to be recorded. In other words, the talk session that I run between two local machines in the clear might suddenly become tapped. Not because Johnny Law produced a warrant and physically tapped my home LAN, but because the protocol suddenly says "Send a copy of this to the tap point."

Or think of each packet sent having an authentication requirement. I.e. Every single packet sent via IPv6 belonging to some one person. It is pretty easy to see where that might generate targeted taps, or it might just generate lists of "suspects". Think about what happens if getting packets from a "rape victim support site" would mean that somewhere, somebody knows that you went to that site. The privacy issues are huge.

So what happened is that the IETF has made a decision that says "We aren't going to allow the protocol to have these types of things." That doesn't mean that Fore doesn't put an option in their ATM switch that says "send a copy of every packet received down this pipe." It just means that at the protocol level we don't have to directly worry about tapping.
