IETF Logo Mail Archive

Re: [perpass] comments and questions for the group on draft-farrell-perpass-attack-02

Eric Burger <eburger@standardstrack.com> Mon, 09 December 2013 12:44 UTC

Return-Path: <eburger@standardstrack.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37BC81AE2AF; Mon, 9 Dec 2013 04:44:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.278
X-Spam-Level: *
X-Spam-Status: No, score=1.278 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HTML_MESSAGE=0.001, MIME_BAD_LINEBREAK=0.5, SPF_HELO_PASS=-0.001, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4QnfdoIbgo22; Mon, 9 Dec 2013 04:44:00 -0800 (PST)
Received: from biz104.inmotionhosting.com (biz104.inmotionhosting.com [173.247.246.244]) by ietfa.amsl.com (Postfix) with ESMTP id 6E37F1AE2A2; Mon, 9 Dec 2013 04:44:00 -0800 (PST)
Received: from 217.sub-70-208-162.myvzw.com ([70.208.162.217]:6988 helo=[10.176.192.142]) by biz104.inmotionhosting.com with esmtpsa (TLSv1:RC4-MD5:128) (Exim 4.80.1) (envelope-from <eburger@standardstrack.com>) id 1Vq0Bi-00010x-Jz; Mon, 09 Dec 2013 04:43:54 -0800
Date: Mon, 09 Dec 2013 07:43:48 -0500
Message-ID: <7wmom0dq1s8yyc5t1qpvdxxl.1386593028146@email.android.com>
Importance: normal
From: Eric Burger <eburger@standardstrack.com>
To: Eliot Lear <lear@cisco.com>, "ietf-interest(mailer list)" <ietf-interest@cisco.com>, perpass <perpass@ietf.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="--_com.android.email_1411917445541780"
X-OutGoing-Spam-Status: No, score=-2.9
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - biz104.inmotionhosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - standardstrack.com
X-Get-Message-Sender-Via: biz104.inmotionhosting.com: authenticated_id: eburger+standardstrack.com/only user confirmed/virtual account not confirmed
X-Source:
X-Source-Args:
X-Source-Dir:
Cc: Internet Architecture Board <iab@iab.org>, 'IESG' <iesg@ietf.org>
Subject: Re: [perpass] comments and questions for the group on draft-farrell-perpass-attack-02
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2013 12:44:02 -0000

So if the "operational realities" of the operator include a mandate to intercept, like with a law like CALEA in the United States, then pervasive monitoring is OK?


Sent from my mobile device. Thanks be to LEMONADE: http://www.standardstrack.com/ietf/lemonade
S2ERC: http://s2erc.georgetown.edu/
GCSC: http://gcsc.georgetown.edu/
Me: http://www.cs.georgetown.edu/~ eburger

-------- Original message --------
From: Eliot Lear <lear@cisco.com> 
Date:12/09/2013  7:29 AM  (GMT-05:00) 
To: "ietf-interest(mailer list)" <ietf-interest@cisco.com>,perpass <perpass@ietf.org> 
Cc: Internet Architecture Board <iab@iab.org>,'IESG' <iesg@ietf.org> 
Subject: [perpass] comments and questions for the group on
 	draft-farrell-perpass-attack-02 

These comments follow a thread from the IAB/IESG mailing list.

There has been some confusion over how this proposed BCP should be taken
by working groups.  At least one working group chair has inferred, if
not suggested, that a document before the IESG that does not demonstrate
it has mitigated pervasive surveillance will get returned.  That
wouldn't be appropriate, in my opinion.  A working group must consider
the operational realities that it is attempting to code to.  There are
many tensions to consider, not just a narrow view of network management
(a phrase that might itself be left to ambiguous interpretation).  I
have in mind as an example a service provider that does
transparent/intercepting HTTP caching for purposes of bandwidth
preservation in bandwidth-constrained environments.  Another example
would be an environment in which security and governance are key.

As such, I propose the following two changes to clarify the text in
Section 2:

2nd para:

OLD:
>    This BCP simply records the consensus to design
>    protocols so as to mitigate the attack, where possible.

NEW:

>    This BCP simply records the consensus to design
>    protocols so as to mitigate the attack, taking into account
> operational realities of network operators.

Next para:

OLD:
>    More limited-scope monitoring to assist with network management that
>    is required in order to operate the network or an application is not
>    considered pervasive monitoring.  There is though a clear potential
>    for such limited monitoring mechanisms to be abused as part of
>    pervasive monitoring, so this tension needs careful consideration in
>    protocol design.  Making networks unmanageable in order to mitigate
>    pervasive monitoring would not be an acceptable outcome.  But
>    equally, ignoring pervasive monitoring in designing network
>    management mechanisms would go against the consensus documented in
>    this BCP.  An appropriate balance will likely emerge over time as
>    real instances of this tension are considered.

NEW:

>    More limited-scope monitoring or other services or to assist with
> network operations that
>    is required in order to operate the network or an application is not
>    considered pervasive monitoring,
>    There is though a clear potential
>    for such mechanisms to be abused as part of
>    pervasive monitoring, so this tension needs careful consideration in
>    protocol design.  Making networks unmanageable in order to mitigate
>    pervasive monitoring would not be an acceptable outcome.  But
>    equally, ignoring pervasive monitoring in designing network
>    management mechanisms would go against the consensus documented in
>    this BCP.  An appropriate balance will likely emerge over time as
>    real instances of this tension are considered.

And so someone operating a small ISP with a cache in Madagascar or the
SP trying to manage bandwidth on a train can also have their
considerations taken into account.  It's for a working group to decide
how far to accommodate them, of course.

Eliot

_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass

v2.23.0 | Report a Bug | By Email