Date: Wed, 14 Nov 2007 21:01:19 +0000
From: imipak <imipak@...il.com>
To: raju@...ux-delhi.org, Bugtraq <bugtraq@...urityfocus.com>
Subject: Re: Standing Up Against German Laws - Project HayNeedle

Hi Raju,

On Nov 14, 2007 3:20 AM, Raj Mathur <raju@...ux-delhi.org> wrote:
> The mail addresses can only be stored if the server through which the
> mail is relayed (or on which it originates) falls under the law.  I'd
> presume that's not a significant percentage of all mails sent out from
> any country.
>


(a) (as you say) they can of course be trivially extracted from the
traffic flow at the provider level.  cf the current EFF / NSA / San
Francisco case - that (as I understand it) is probably in breach of
the US Constitution, yet it happened/is happening. The German law, and
similar laws in the UK and other countries, implicitly (at least)
enables such tactics;

(b) most mail users use mail servers at their employers or their local
ISP (ISPs with retail presence in multiple territories will of course
have mail servers situated locally);

(c) the balance, excluding those weirdos running their own personal
MTA / MSAs, will be using webmail services like Hotmail and Gmail.


Tracerouting from the machine I'm typing this on (in the UK) shows a
route through my ISP, to LINX (the London IX), and then straight into
Google space. The RTT all the way to the final hop is in the 30ms
range:

[...]
 8  209.85.248.80 (209.85.248.80)  25.302 ms   24.348 ms   25.605 ms
   MPLS Label 548800 TTL=1
 9  209.85.248.79 (209.85.248.79)  27.972 ms   36.281 ms   26.562 ms
10  72.14.233.77 (72.14.233.77)  28.266 ms   29.057 ms   27.273 ms
11  66.249.94.146 (66.249.94.146)  29.517 ms   30.668 ms   30.179 ms
12  ik-in-f19.google.com (66.249.91.19)  28.092 ms   27.926 ms   28.564 ms


...which strongly suggests to me that the front-end Gmail webserver my
"mail" hits is probably pretty close to me.  It's certainly not on the
other side of the Atlantic. There's quite a lot of cooperation between
EU member states, would a "UKUSA"-type arrangement in the EU be very
surprising?


=i


On Nov 14, 2007 3:20 AM, Raj Mathur <raju@...ux-delhi.org> wrote:
> On Tuesday 13 November 2007 15:29, Florian Echtler wrote:
> > [snip]
> > As a native German speaker, allow me to clarify: with respect to IP
> > communication, the law mandates saving the following information for
> > 6 months:
> >
> > - which customer was assigned which IP for what timespan
> > - sender mail address, receiver mail address and sender IP for each
> > mail - in case of VOIP: caller and callee phone number and IP address
>
> The mail addresses can only be stored if the server through which the
> mail is relayed (or on which it originates) falls under the law.  I'd
> presume that's not a significant percentage of all mails sent out from
> any country.
>
> Of course, it's also possible to track (snoop) all SMTP traffic on the
> network, but that's totally different from just keeping mail and AAA
> server logs and from my understanding that's not what this law
> mandates.
>
> Regards,
>
> -- Raju
> --
> Raj Mathur                raju@...dalaya.org      http://kandalaya.org/
>  Freedom in Technology & Software || February 2008 || http://freed.in/
>        GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
> PsyTrance & Chill: http://schizoid.in/   ||   It is the mind that moves
>



-- 
And what exactly is a dream?
And what exactly is a joke?
                                            - Syd Barrett
