Re: Last Call: <draft-mm-wg-effect-encrypt-13.txt> (Effect of Pervasive Encryption on Operators) to Informational RFC

Hello,
At 06:06 AM 06-11-2017, The IESG wrote:
The IESG has received a request from an individual submitter to consider the
following document: - 'Effect of Pervasive Encryption on Operators'
  <draft-mm-wg-effect-encrypt-13.txt> as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@xxxxxxxx mailing lists by 2017-12-04. Exceptionally, comments may be

On reading the draft, I wondered whether the authors of the draft have an opinion about "responsible encryption".

In Section 1.1:

  "OS has been implemented as NULL Authentication with IPsec [RFC7619]
   and there are a number of infrastructure use cases such as server
   to server encryption, where this mode is deployed."

It is possible to find use cases of deployment. That does not mean that it is always a good idea.

In Section 2:

  "This and other increases in the use of encryption had the immediate
   effect of helping protect the privacy of users' data, but created a
   problem for some network management functions."

Is this about privacy or is it about a security loophole?

In Section 2.1.2:

  "The ability to identify the problem application's traffic is
   important and deep packet inspection (DPI) is often used for
   this purpose."

Is debugging choppy video the main purpose of DPI? Why should perversive surveillance software/hardware be used to debug application issues?

In Section 2.3:

  "These regulations include Lawful Intercept, adherence to Codes of
   Practice on content filtering, and application of court order filters."

Are the "Codes of Practices" part of regulations? Are there references to those Codes of Practices?

In Section 3.2.2:

  "STARTTLS ought have zero effect on anti-SPAM efforts for SMTP traffic."

I doubt that STARTTLS causes any significant problem as the receiver has the ability to inspect emails.

In Section 4.1.1:

  "detect and defend against Internet DDoS attacks, including both
   volumetric and layer 7 attacks."

Does the IETF use the OSI layer (re. layer 7)?

As an overall comment, there are many uses of "many" in the document. I read the entire document. I understand that the authors may have put a lot of effort in this work. However, I preferred to reduce the effort as it was a bit tedious to do a detailed review. The title of the document is "Effect of Pervasive Encryption on Operators". Is this document about making the case against RFC 7258?

Regards,
S. Moonesamy


