Re: IAB statement on draft-farrell-perpass-attack-00

On Wed, Nov 27, 2013 at 12:56 PM, SM <sm@xxxxxxxxxxxx> wrote:
At 08:13 27-11-2013, IAB Chair wrote:
At the Vancouver IETF meeting, the IAB held a technical plenary that discussed pervasive monitoring.  The IAB believes that pervasive monitoring represents an attack on the

The minutes for that plenary are not available at the moment.  I would appreciate it if the minutes could be published.
[MB] A last round of edits (editorial clarifications) is underway right now.  The minutes will be published no later than Tuesday, December 3rd, 2013.  [/MB]

Internet inasmuch as large amounts of information that is intended to be confidential between sets of individuals is in fact gathered and aggregated by third parties.  Such a broad scale attack can undermine confidence in the infrastructure, no matter the intent of those collecting the information.

draft-farrell-perpass-attack-00 is intended to establish an IETF community consensus on this matter.  We encourage the community to read and engage in discussion about this draft, and also to take practical measures to limit pervasive monitoring within their environments.

In Section 1:

  "that should be mitigated where possible via the design of protocols
   that make pervasive monitoring significantly more expensive or
   infeasible"

That sounds like an arms race [1].

  "A fuller problem statement with more examples and description can be
  found in [ProblemStatement]" 

That document is not available.

  "In particular, the term, when used technically, implies nothing about
   the motivation of the bad-actor mounting the attack, who is still
   called a bad-actor no matter what one really thinks about their
   motivation."

The usual term in the IETF is "adversary" and not "bad-actor".  "bad actor" is sometimes defined as "contentious individual".

The Security Considerations section says that the intended BCP is all about privacy.  The Introduction section mentions "illegal purposes by criminals".  I would describe the problem as having different angles; bad people could capture the information being exchanged and use it for nefarious purposes, nation states [2] can capture the information and use it to find out what the people are discussing.

The draft is well-written.  Given the catchy title I am left to wonder which parts of the document are polite fiction (a social scenario in which all participants are aware of a truth, but pretend to believe in some alternative version of events to avoid conflict or embarrassment).  In very simplistic terms the draft says:

  "consensus to design protocols so as to mitigate the attack, where
   possible."

Quoting Martin Thomson: we trusted you; we were naive; never again.

Regards,
-sm

1. the continuing competitive attempt by two or more nations each to have available to it more and more powerful weapons than the other(s).

2. http://ir.elbitsystems.com/phoenix.zhtml?c=61849&p=irol-newsArticle&ID=1810121&highlight=

