> > Thus far law enforcement outside the US have arrested and > prosecuted > > considerably more suspected Internet criminals than the US. > > This may come as a surprise to you, but the rest of the world is > actually larger than the US. (Oh wait, there I go with that dreaded > sarcasm. Sorry.) The number of arrests per capita and the toital number of arrests in several countries outstrips the US. The idea that only the US is interested in Internet law enforcement is untrue as the FBI and Secret Service will both be only too happy to confirm. Steve's implication that the situation is hopeless is simply wrong. > ??? > > How can you secure a communication channel against crime in general? Accountability. They did it for the telephone system in the 1920s - the term phony appears in the English language in 1900 when the telephone started to spread. [The alternative etymology in certain editions of Webster via Fawney appears to be unsupported guesswork] We can do it for the Intetnet. > If you expect the IETF to stop pensioner savings stealing, you're > setting yourself up for a big disappointment. I expect that whatever body leads Internet standards making will be doing all it can to stop Internet criminals from stealing pensioners life savings. > SSL is far from perfect, but I wouldn't say it's shelfware. > It allows > consenting hosts to secure themselves against men in the middle and > eavesdroppers without aid from the network. E2e in its purest form, > I'd say. Actually it's a transport layer security mechanism. It does not provide end to end integrity guarantees, non-repudiation or any of the other silly requirements I and others tried to impose on the HTTP security mechanism in the mid 90s. More email is encrypted using SSL than any other technique. But it is only transport encryption, the message is en-clair on the mail server and is decrypted and re-encrypted for every message hop. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf