ad hoc IPsec or similar

Eugen Leitl eugen at
Thu Jun 21 14:33:42 EDT 2007

On Thu, Jun 21, 2007 at 06:00:48PM +0100, Richard Clayton wrote:

> (a) the EU legislation was actually passed well over a year ago

It is not national law yet. I'm only concerned about when I
have to deal with it personally.

> and applies to "service providers" so "random endpoints" will be

The pending legislation is stated broadly enough to include anyone
with a proxy or a mix cascade, company or private body, for-profit
or non-profit. It threatens up to half a megaeuro penalty and up 
to two years in jail. 

> unlikely to be caught by its requirements.

Any random endpoints will be passing through the ISP, and hence
subject to retention. An ad hoc IPsec or VPN tunnel setup will
make data analysis more difficult, especially if there's traffic
background (P2P, etc).

So what's the state in ad hoc IPsec/VPN setup for any end points?

> (b) what the Directive exactly means is anyone's guess (the wording
> shows a deep failure to understand how the Internet works), and it is
> entirely clear that it will in practice mean different things in
> different EU countries.

I've been told this legislation will be used by several persons
within BKA etc. to harass Tor operators. This is not a guess; I'm
not sure how reliable that source is, however.

> In the UK it's likely to only apply to large public ISPs -- and
> retention will be restricted to records of who used which IP address,
> email server records, and possibly web cache logs (possibly not, since
> web caches may not be economic if the logs have to be retained)...

The financial burden is completely on the side of the providers.

> ... the Wikipedia page on the topic
> ... has information for other countries that looks fairly plausible from
> what I know about their plans.

Unfortunately, I know more about the plans than I ever wished.

> Note that the Directive also applies to phone calls ... and the

It also applies to mobile phone location in the cell.

> transposition of that into national laws is supposed to be completed by
> October 2007; most countries have until March 2009 for Internet logs

Apparently, Germany will implement Internet connection retention by
the end of the year/beginning of 2008 at the latest.

