Re: HTTP/2 and Pervasive Monitoring

On 15 August 2014 22:34, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

> Currently, they can run a filter which is essentially:
>
>         tcpdump -i all0 -w - | egrep -i "terrorist|bomb"
>

That kind of monitoring does take place, but any *pervasive* monitoring of
that kind requires a warrant - or is illegal (and if illegal they can tap
into places that TLS will not help).

The type of *pervasive* monitoring that is legal and does take place widely
is

    tcpdump -i all0 -n | egrep "IP [0-9\.]* > IP.OF.KNOWN.NASTY"

This is not something that the protocol or TLS can fix.

cheers






-- 
Greg Wilkins <gregw@intalio.com>
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com  advice and support for jetty and cometd.

Received on Friday, 15 August 2014 23:23:45 UTC