Analysis of Part III of the (draft) Electronics Communications Act 1999

Perfect forward secrecy

Most online conversations use, or are capable of using 'Perfect Forward Secrecy'. The two ends negotiate a key just for this session, or for just a small portion of time. Techniques such as Diffie-Hellman mean that this negotiation can take place even with an eavesdropper present and a secure channel can still be created. When the key is no longer required it is completely forgotten about, so there is nothing for an Section 10 notice to go after. The only way of defeating such a scheme (short of subverting one of the end points) is to become a "man in the middle" and this will not be possible if the two ends use signature keys to authenticate each other.

Ian Brown
Once IPSEC becomes widespread (and it's in Windows 2000, PGP 6.5.1, etc. etc. etc.) the wiretappers won't even be able to get at ciphertext e-mail. The "tipping off" offence is most likely intended to stop ISPs informing customers that their mail servers, where IPSEC protection is lost, are under surveillance.

Which makes me think that once zero variable cost IP connections are available (e.g. from BT's ADSL, cable companies, etc. etc.) we should all just leave our (IPSEC-enabled) machines permanently connected to the Internet, get a permanent IP address (how convenient that IPv6 allows 2^128 addresses...) and run our own SMTP servers. Then whenever anyone else running IPSEC sends you a message, it receives end-to-end network layer protection right to your machine.

Back to the analysis of part III