[NCAP-Discuss] why enhanced controlled interruption - not legal

Jeff Schmidt jschmidt at jasadvisors.com
Fri Feb 25 19:33:24 UTC 2022


> Matt said one way exfiltration could be controlled / mitigated - I 
> believe you straw-manned how _you would do what Matt suggested and ["" 
> what you say above] don't wanna misquote you...

I pointed out the ways that exfiltration *can* *not* be controlled/mitigated, particularly with HTTP/S-based communication and anything over UDP. I do not believe those significant weaknesses can be technically mitigated - if someone wants to provide a specific technical model to prove me wrong I'm all ears. Matt's suggestion was light on technical details. I've done this and I know what's involved. You do too Danny - how would you do it?

> Controlled Interruption certainly checks the "convenience" box.

CI is the best imperfect solution to a problem with no perfect solutions. Four years (!) of NCAP wheel-spinning all but proves this; no one has come up with anything better. In all but human-browser-HTTP/S cases CI provides a superior notification experience and simply can't cause unintended data exfiltration in any case. Despite all of us *wanting* the data generated by such a honeypot to be a panacea, in fact the data generated would be unreliable for the intended purpose. Reducing CI to mere convenience is a mischaracterization.

Jeff
