On Wed, Dec 11, 2013 at 11:07 AM, Stephen Farrell <stephen.farrell@xxxxxxxxx> wrote: > NEW: > > Monitoring in itself can be a good thing and need not be part of > a pervasive monitoring attack. For example, network management > functions often require monitoring packets or flows, anti-spam > mechanisms may need to see mail message content and some kinds > of monitoring can be part of mitigating the pervasive monitoring > attack, e.g. with Certificate Transparency logs. [RFC6962] > There is though a clear potential > for such monitoring mechanisms to be abused as part of > pervasive monitoring, so this tension needs careful consideration in > protocol design. Making networks unmanageable in order to mitigate > pervasive monitoring would not be an acceptable outcome. But > equally, ignoring pervasive monitoring > would go against the consensus documented in > this BCP. An appropriate balance will likely emerge over time as > real instances of this tension are considered. Good direction. Just to be clear, the issue is not whether we will provide tools to mitigate what appears to be an attack. We will, and we will also design protocols to be resistant to attack. This paragraph should be about when to use techniques, not what techniques to incorporate into protocols. Scott