“The security of the Internet requires that anonymity be driven out of the network, the top information-security officer for the U.S. Department of Defense told attendees at the Black Hat Security Conference.”
http://www.securityfocus.com/brief/989
This scares me.
I believe that the anonymity of the internet is the very life force that has made and continues to make it what it is. If we destroy that, we loose the very thing that is the Internet.
At the upper protocol level, there may be reason for less anonymity. The two ends of the connection should be able to authenticate each other. sFTP, HTTPS, POP3S, SMTPS; absolutely. The faster that clear text can die, the better.
They key here is retaining the anonymity in the TCP/IP layer. The only two people that should be able to read the data and identify the two end point entities are those two entities. Everyone in-between including the transport layer should not be able to identify anything more than the minimum amount of addressing information required to pass the data frames from one point too he next.
I say that this article scares me. I don’t mean in a way to draw readers. I mean it is one of those articles where I read it and actually felt a physical shiver of dread.
Here is why; this is the opinion of high ranking people within the US Gov’s Cybersecurity group. I don’t think they are talking about providing safer application level protocols meant to provide users with encrypted end to end transfers. When they talk about how “anonymity must be driven out”, I read that to mean a level of transparency to identify all on the network and monitor all data between endpoints. I get the feeling that this is from a military point of view where that kind of data visibility would be of benefit to the whims of authority at the expense of the user.
I hope I read this wrong or read too much healthy paranoia into it. Any thoughts on?