Merit Network

Discussion Communities: Merit Network Email List Archives

OpenCALEA

Re: [OpenCALEA] standards compliance

  • From: Bob Ross
  • Date: Tue Mar 20 11:53:47 2007


You are correct. The CALEA tech told me the same thing. If you can't send it in the required
format, then it's up to opencalea to convince the law enforcement agency to accept the
opencalea format. If you can't, you have 48 hours to do so. $10K/Day fine if you don't.

He did mention that if opencalea does everything according to the standard and set format there
should be no problem. It's getting the information of the format that's licensed. According to a couple dockets
the licensed format was accepted. I don't know if that is in stone yet, but could be.

Bob


----- Original Message -----
From: "Raw, Randy" <rawr@more.net>
To: <opencalea@merit.edu>
Sent: Tuesday, March 20, 2007 8:23 AM
Subject: RE: [OpenCALEA] standards compliance



I talked to a TTP (take this for what it's worth), who said that
OpenCALEA only addressed step 1 of 4 steps of the CALEA process.
Something about the collector is only 1 step and you still have to make
a secure VPN connection to the LEA device for delivery and deliver in a
format acceptable by the LEA. I have no idea the validity of this
statement, but the concept of patent infringement and other FUD was
thrown around during the discussion. Does OpenCALEA address these
issues? Are they issues at all? Is this going to be a challenge for this
project?

Randy Raw, CISSP
MOREnet Manager, Network Security
3212 LeMone Industrial Blvd
Columbia, MO 65201
573.882.0749
573.884.7699 fax
http://www.more.net/security
Join us for Internet Safety Night, April 10, 2007. Come and learn how to
help kids be safe on the Internet. http://besafe.more.net


-----Original Message-----
From: owner-opencalea@merit.edu
[mailto:owner-opencalea@merit.edu] On Behalf Of Jesse Norell
Sent: Tuesday, March 20, 2007 9:46 AM
To: opencalea@merit.edu
Subject: Re: [OpenCALEA] standards compliance


On Mon, 2007-03-19 at 15:46 -0800, an unknown sender wrote:
>
> >  Is the goal of OpenCALEA specifically to conform to that standard
> > (final version), or simply to meet legal requirements under CALEA?
>
> I'm still trying to decipher the legal requirements of CALEA as it
> appears the law doesn't define a standard yet we apparently need to
> comply with whatever "standard" the industry comes up with.

  As I understand it from various places (though I need to
look at the CALEA document itself) is you can use any
approach that gets the job done and can get the data to the
law enforcement agency; so opencalea could use their own packet
format, etc., and if everything is covered as far as
collecting and presenting all the pertinent info, I'd imagine
that LEAs would accept that format for intercepts.  Another
approach would be to implement the ATIS-PP-1000013.2007
standard.  There are pros/cons of both ways, of course; my
question was if opencalea was specifically trying for one
approach or the other.  If that question is currently
unanswered, that may be a good discussion to have real soon.  :)

  If anyone wants a good overview of calea requirements, the
best I've found to date is:
http://www.baller.com/pdfs/BHLG-CTC_CALEA_Memo.pdf



> Another puzzler is whether the Cisco router CALEA stream (intercepted
> layer-2 packets bottled up in UDP) is sufficient to forward or if the
> data has to be massaged with a UDP-UDP converter before forwarding to
> the LEA.

  No idea.  I'll try to find time to read at least section
103 of the CALEA spec .. but I'm not familiar with Cisco's
calea features, either.


> Last but not least is whether it's possible to do on-the-fly filtering
> with libpcap to pull a particular IP off a switch SPAN port.

  You mean to configure the switch?  libpcap could not do
that.  If you mean have the switch send all its traffic to a
monitoring port (is that a "span port" in Cisco parlance?)
and libpcap filter out what it's interested in, then yes,
that's exactly how it works.


--
Jesse Norell - jesse@kci.net
Kentec Communications, Inc.





