On Tuesday 29 March 2005 22:17, Nick Owen wrote:
I would add to this that each carrier has different network
configurations that can affect security.
Yes, you're quite right. I assumed (unnecessarily) we were talking about a
radio link directly managed by the bank with no carriers involved. This is
not necessarily the case. If a carrier is supplying the link, they must be
involved in the security setup. The best way is to ask for a transparent
radio link, pure and simple linking. Whatever gets in on one side, gets out
on the other (be it voice, data, IP, ATM, or a proprietary protocol).
Just to complicate things, one carrier wouldn't take our encrypted
messages unless we said it was a bitmap image ;).
;-)
I wonder why they would do so. A carrier shoud be a ... carrier. If they stick
their nose in what they carry from point A to point B, they might loose their
status of "common carrier" (the same status airlines, post offices and the
like enjoy all other the (free) world). Just like the post office doesn't
ask you what's inside the envelope you mail through them, as long it is of
standard size, I don't see a reason for a carrier (or even an ISP) to get
into what is a (say) an IP packet as long it is correctly formatted.
In some EU member states they also try to resist the idea of encrypted traffic
being fed into networks (the idea being that it would make it more difficult
for police agencies to monitor (legally) such traffic). Yet, it's not really
enforced.
--
Alessandro Bottonelli
Axis-Net (Privacy & InfoSec Consulting)
Tel. +39 02 93595859
Fax. +39 02 93590544
Web. http://www.axis-net.it
