Re: IPv6 and child pornographers

Mr. Baptista,

In reading your message re the history of security and the Internet 
my attention was drawn to the following paragraph:

    DARPA planners unfortunately were short sighted and did not
    anticipate the technology would become an international standard for
    communications. The community of users and networks connected to DARPA
    were small and trusted so security concerns were a low priority. The
    end result was the deployment of insecure protocols that have kept
    many security experts gainfully employed. Even secure protocols are
    hacked. Today there are millions of compromised computer systems busy
    trying to hack other computers. And many of those busy hacking
    computers may no longer be under the control of the original script
    kiddy hacker who launched them. In fact I suspect many such computers
    are operating independently of a human operator.

As one of the fortunate folks who participated in the ARPANET and the 
beginning of the Internet, I can attest to the accuracy of the first 
sentence. Unfortunately, most of the rest of the paragraph, and the 
rest of your message, is incorrect.

The first crypto-based security protocols for packet nets (and 
devices that implemented them) were developed in the mid-70s, here at 
BBN, and deployed in the ARPANET. In the latter half of the 70s we 
also developed the first IP-based end-to-end crypto protocols and 
devices, using KDC-style technology well before the development of 
Kerberos at MIT under project Athena. So, it is inaccurate to suggest 
that the DoD did not pay attention to security concerns in the 
development of IP.

The primary security mechanisms that are part of IPv6 are the same 
ones that are available for IPv4 today, namely IPsec. So it would 
also be inaccurate to suggest that IPv6 offers significant new 
security options relative to v4. Although one can argue that the 
address space capabilities of v6 offer the potential for increased 
privacy relative to v4, even this may not be true in practice, as 
there are many ways by which privacy is likely to be compromised by 
higher layer protocols.

Depending on the type of traffic that Carnivore is being used to 
intercept, I doubt that the transition to v6 from v4 will be a 
concern, absent use of IPsec or S/MIME or SSL/TLS.

IPsec does not make IP "less prone to man in the middle interception 
..." It makes v4 and v6 immune to such interception. IPv6 will NOT do 
this automatically. It still requires user/admin configuration and 
key management, which has often proved to be an impediment, largely 
because of poor management designs/interfaces.

I could go on to identify many more errors in the statements you made 
re various security matters. As the military would say, your message 
is a "target rich environment."  But, I think the ones noted above 
suggest that you don't really understand the nature of security in 
the Internet.

Steve

