Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

On Wed, Dec 11, 2013 at 11:07 AM, Stephen Farrell
<stephen.farrell@xxxxxxxxx> wrote:
> NEW:
>
>    Monitoring in itself can be a good thing and need not be part of
>    a pervasive monitoring attack. For example, network management
>    functions often require monitoring packets or flows, anti-spam
>    mechanisms may need to see mail message content and some kinds
>    of monitoring can be part of mitigating the pervasive monitoring
>    attack, e.g. with Certificate Transparency logs. [RFC6962]
>    There is though a clear potential
>    for such monitoring mechanisms to be abused as part of
>    pervasive monitoring, so this tension needs careful consideration in
>    protocol design.  Making networks unmanageable in order to mitigate
>    pervasive monitoring would not be an acceptable outcome.  But
>    equally, ignoring pervasive monitoring
>    would go against the consensus documented in
>    this BCP.  An appropriate balance will likely emerge over time as
>    real instances of this tension are considered.

Good direction. Just to be clear, the issue is not whether we will
provide tools to mitigate what appears to be an attack. We will, and
we will also design protocols to be resistant to attack. This
paragraph should be about when to use techniques, not what techniques
to incorporate into protocols.

Scott



