On 17 Aug 2002, Paul Vixie wrote:
Am I the only one who finds it odd that it's illegal to export crypto or "supercomputers" to certain nations or to sell such goods with prior knowledge that the goods are going to be resold in those nations... or even to travel to certain nations... yet no law prohibits establishing a link and a BGP session to ISP's within those nations, or to ISP's who are known to have links and BGP sessions to ISP's within those nations?
Well... it is not always legal. The "trade with the enemy" act may prohibit ISPs from connecting with countries on the list. In the old times I had a discussion on the subject with Steve Goldstein (regarding Iran).
I'm not sure I'd be opposed to it, since economic blockades do appear to have some effect, and since data is a valuable import/export commodity. I think homeland security is a good thing if it means a mandate for IPsec, DNSSEC, edge RPF, etc... but if we *mean* it, then why are US packets able to reach ISP's in hostile nations?
This is silly, because: a) no one can deny connectivity to "bad guys". You can merely create a minor annoyance to them, in form of having to use a proxy somewhere in Europe. b) all you can really achieve is to restrict access for their populace; effectively making the job of "bad guys" easier (hint: governments in non-friendly countries do agressive filtering of access to Western networks themselves). It is a known phenomenon that given the Western cultural dominance in the net, it is one of the best pro-Western propaganda tools around. Propaganda (in the right direction) is good, because if you can convince someone to come to your side, you don't have to kill him to prevail. I can only hope that H.S. Dept will see it this way.
I want to know what the homeland security department is likely to do about all this, not what is good/bad for the citizens of hostile nations or even nonhostile nations.
Likely nothing, unless they are complete incompetents. The point is: there's no feasible way to achieve any gains by restricting access on per-country basis. It is a lot more useful to suppress the enemy propaganda by going after its sources which are easily located. I would suggest going after CNN first [sarcasm implied]. --vadim