Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

On 31/12/2013 20:48, John C Klensin wrote:
For example, effective surveillance of traffic content by monitoring of Internet links would become considerably more difficult if we (pervasively) went back to routing at the packet (or datagram) level and optimized our routing algorithms to prefer diverse paths within a stream or flow. At least as I understand it, that would largely eliminate the use of MPLS and would slow things down overall unless ISPs started engineering their networks for more path diversity between any two endpoints (presumably increasing costs for the amount of traffic handled). But it would make interception of a single flow for surveillance purposes a lot more unpleasant and costly for the monitoring body without requiring encryption.

Actually John, I think some MPLS implementations did this across equal cost paths, but TCP performance went through the floor and so a lot of effort now goes into the maintenance of flow order. Some protocols are much more sensitive than TCP in this regard and can never be subjected to misordering. However, if the transport protocols could cope with out of order delivery, we could get MPLS to spread flows across pretty much every available path. As well as having anti-surveillance properties, such an approach would have the anti-congestion properties of spread spectrum and so could be quite an interesting area of research.

Stewart
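
The trade-off discussed in this message, as an added example that is not part of the original thread: a small simulation comparing per-flow hashing with per-packet spraying over equal-cost paths, measuring how much of one flow a tap on a single link observes and how many packets reach the receiver out of order. The flow tuple, path delays, function names and the one-packet-per-millisecond send rate are all assumptions chosen for illustration.

```python
import hashlib
import random

def flow_hash_path(flow, n_paths):
    """Per-flow ECMP: hash the flow identifier so every packet takes one path."""
    digest = hashlib.sha256(repr(flow).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_paths

def simulate(flow, n_packets, path_delays_ms, per_packet, seed=1):
    """Send one packet per millisecond and return
    (share of the flow seen by the best-placed single-link tap,
     number of packets that arrive behind a later-sent packet)."""
    rng = random.Random(seed)          # fixed seed: repeatable run
    n_paths = len(path_delays_ms)
    seen_on_path = [0] * n_paths
    arrivals = []
    for seq in range(n_packets):
        if per_packet:
            path = rng.randrange(n_paths)          # spray each packet independently
        else:
            path = flow_hash_path(flow, n_paths)   # pin the flow to one path
        seen_on_path[path] += 1
        arrivals.append((seq + path_delays_ms[path], seq))
    arrivals.sort()                    # receiver sees packets in arrival order
    highest_seq, out_of_order = -1, 0
    for _, seq in arrivals:
        if seq < highest_seq:
            out_of_order += 1          # a later-sent packet already arrived
        else:
            highest_seq = seq
    return max(seen_on_path) / n_packets, out_of_order

# Constructed inputs: one flow 5-tuple (documentation addresses) and four
# equal-cost paths whose one-way delays differ by a few milliseconds.
FLOW = ("192.0.2.10", 40000, "198.51.100.20", 443, "tcp")
DELAYS_MS = [5, 7, 11, 16]

if __name__ == "__main__":
    for label, spray in (("per-flow hashing", False), ("per-packet spraying", True)):
        share, reordered = simulate(FLOW, 1000, DELAYS_MS, spray)
        print(f"{label:20s} best single tap sees {share:.0%}, "
              f"{reordered} of 1000 packets arrive out of order")
```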



