Re: [perpass] comments and questions for the group on draft-farrell-perpass-attack-02
Robin Wilton <wilton@isoc.org> Mon, 09 December 2013 12:56 UTC
Return-Path: <wilton@isoc.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA28A1ADF32; Mon, 9 Dec 2013 04:56:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1lym-0FhBsGa; Mon, 9 Dec 2013 04:56:49 -0800 (PST)
Received: from smtp94.iad3a.emailsrvr.com (smtp94.iad3a.emailsrvr.com [173.203.187.94]) by ietfa.amsl.com (Postfix) with ESMTP id 56D4A1ADF6C; Mon, 9 Dec 2013 04:56:49 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp12.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 8F86CF00C2; Mon, 9 Dec 2013 07:56:44 -0500 (EST)
X-Virus-Scanned: OK
Received: by smtp12.relay.iad3a.emailsrvr.com (Authenticated sender: wilton-AT-isoc.org) with ESMTPSA id 32205F00A5; Mon, 9 Dec 2013 07:56:44 -0500 (EST)
References: <52A5B79E.2040202@cisco.com>
In-Reply-To: <52A5B79E.2040202@cisco.com>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="us-ascii"
Message-Id: <2FF9686C-7DEA-42E3-B2FA-DCD72A5E5168@isoc.org>
X-Mailer: iPad Mail (9B206)
From: Robin Wilton <wilton@isoc.org>
Date: Mon, 09 Dec 2013 14:00:49 +0100
To: Eliot Lear <lear@cisco.com>
Cc: "ietf-interest(mailer list)" <ietf-interest@cisco.com>, perpass <perpass@ietf.org>, Internet Architecture Board <iab@iab.org>, IESG <iesg@ietf.org>
Subject: Re: [perpass] comments and questions for the group on draft-farrell-perpass-attack-02
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2013 12:56:51 -0000
Eliot, I think your second edit is probably too broad, in the sense that it could create quite a lot of room for abuse. You currently have: >> More limited-scope monitoring or other services or to assist with >> network operations that >> is required in order to operate the network or an application is not >> considered pervasive monitoring I would suggest something along the following lines. The first part is just a rewording of your text; the part in square brackets is prompted by what I think we can learn from existing approaches to pervasive monitoring. Where monitoring is of limited scope, or services in support of network operations are required in order to operate the network, these are not necessarily to be considered de facto pervasive monitoring [; however, thought should be given to whether they enable pervasive monitoring, either directly or as a by-product of their primary purpose]. I hope this is helpful, Robin Robin Wilton Technical Outreach Director - Identity and Privacy On 9 Dec 2013, at 13:29, Eliot Lear <lear@cisco.com> wrote: > These comments follow a thread from the IAB/IESG mailing list. > > There has been some confusion over how this proposed BCP should be taken > by working groups. At least one working group chair has inferred, if > not suggested, that a document before the IESG that does not demonstrate > it has mitigated pervasive surveillance will get returned. That > wouldn't be appropriate, in my opinion. A working group must consider > the operational realities that it is attempting to code to. There are > many tensions to consider, not just a narrow view of network management > (a phrase that might itself be left to ambiguous interpretation). I > have in mind as an example a service provider that does > transparent/intercepting HTTP caching for purposes of bandwidth > preservation in bandwidth-constrained environments. Another example > would be an environment in which security and governance are key. > > As such, I propose the following two changes to clarify the text in > Section 2: > > 2nd para: > > OLD: >> This BCP simply records the consensus to design >> protocols so as to mitigate the attack, where possible. > > NEW: > >> This BCP simply records the consensus to design >> protocols so as to mitigate the attack, taking into account >> operational realities of network operators. > > Next para: > > OLD: >> More limited-scope monitoring to assist with network management that >> is required in order to operate the network or an application is not >> considered pervasive monitoring. There is though a clear potential >> for such limited monitoring mechanisms to be abused as part of >> pervasive monitoring, so this tension needs careful consideration in >> protocol design. Making networks unmanageable in order to mitigate >> pervasive monitoring would not be an acceptable outcome. But >> equally, ignoring pervasive monitoring in designing network >> management mechanisms would go against the consensus documented in >> this BCP. An appropriate balance will likely emerge over time as >> real instances of this tension are considered. > > NEW: > >> More limited-scope monitoring or other services or to assist with >> network operations that >> is required in order to operate the network or an application is not >> considered pervasive monitoring, >> There is though a clear potential >> for such mechanisms to be abused as part of >> pervasive monitoring, so this tension needs careful consideration in >> protocol design. Making networks unmanageable in order to mitigate >> pervasive monitoring would not be an acceptable outcome. But >> equally, ignoring pervasive monitoring in designing network >> management mechanisms would go against the consensus documented in >> this BCP. An appropriate balance will likely emerge over time as >> real instances of this tension are considered. > > And so someone operating a small ISP with a cache in Madagascar or the > SP trying to manage bandwidth on a train can also have their > considerations taken into account. It's for a working group to decide > how far to accommodate them, of course. > > Eliot > > _______________________________________________ > perpass mailing list > perpass@ietf.org > https://www.ietf.org/mailman/listinfo/perpass
- [perpass] comments and questions for the group on… Eliot Lear
- Re: [perpass] comments and questions for the grou… Eric Burger
- Re: [perpass] comments and questions for the grou… Robin Wilton
- Re: [perpass] comments and questions for the grou… Stephen Farrell
- Re: [perpass] comments and questions for the grou… Eliot Lear
- Re: [perpass] comments and questions for the grou… Eliot Lear
- Re: [perpass] comments and questions for the grou… Eliot Lear
- Re: [perpass] comments and questions for the grou… Eliot Lear
- Re: [perpass] comments and questions for the grou… Paul Ferguson
- Re: [perpass] comments and questions for the grou… Brian E Carpenter