< draft-farrell-perpass-attack-04.txt		draft-farrell-perpass-attack-05.txt >
	Network Working Group S. Farrell		Network Working Group S. Farrell
	Internet-Draft Trinity College Dublin		Internet-Draft Trinity College Dublin
	Intended status: BCP H. Tschofenig		Intended status: BCP H. Tschofenig
	Expires: July 22, 2014 January 18, 2014		Expires: July 24, 2014 January 20, 2014
	Pervasive Monitoring is an Attack		Pervasive Monitoring is an Attack
	draft-farrell-perpass-attack-04.txt		draft-farrell-perpass-attack-05.txt
	Abstract		Abstract
	Pervasive monitoring is a technical attack that should be mitigated		Pervasive monitoring is a technical attack that should be mitigated
	in the design of IETF protocols, where possible.		in the design of IETF protocols, where possible.
	Status of this Memo		Status of this Memo
	This Internet-Draft is submitted in full conformance with the		This Internet-Draft is submitted in full conformance with the
	provisions of BCP 78 and BCP 79.		provisions of BCP 78 and BCP 79.
	skipping to change at page 1, line 31 ¶		skipping to change at page 1, line 31 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.		Drafts is at http://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on July 22, 2014.		This Internet-Draft will expire on July 24, 2014.
	Copyright Notice		Copyright Notice
	Copyright (c) 2014 IETF Trust and the persons identified as the		Copyright (c) 2014 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of		(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	skipping to change at page 3, line 45 ¶		skipping to change at page 3, line 45 ¶
	to be published, be able to justify related design decisions. This		to be published, be able to justify related design decisions. This
	does not mean a new "pervasive monitoring considerations" section is		does not mean a new "pervasive monitoring considerations" section is
	needed in IETF documentation. It means that, if asked, there needs		needed in IETF documentation. It means that, if asked, there needs
	to be a good answer to the question "is pervasive monitoring relevant		to be a good answer to the question "is pervasive monitoring relevant
	to this work and if so how has it been considered?"		to this work and if so how has it been considered?"
	In particular, architectural decisions, including which existing		In particular, architectural decisions, including which existing
	technology is re-used, may significantly impact the vulnerability of		technology is re-used, may significantly impact the vulnerability of
	a protocol to PM. Those developing IETF specifications therefore		a protocol to PM. Those developing IETF specifications therefore
	need to consider mitigating PM when making these architectural		need to consider mitigating PM when making these architectural
	decisions and be prepared to justify their decisions. Getting		decisions. Getting adequate, early review of architectural decisions
	adequate, early review of architectural decisions including whether		including whether appropriate mitigation of PM can be made is
	appropriate mitigation of PM can be made is important. Revisiting		important. Revisiting these architectural decisions late in the
	these architectural decisions late in the process is very costly.		process is very costly.
	While PM is an attack, other forms of monitoring can be beneficial		While PM is an attack, other forms of monitoring can be beneficial
	and not part of any attack, e.g. network management functions monitor		and not part of any attack, e.g. network management functions monitor
	packets or flows and anti-spam mechanisms need to see mail message		packets or flows and anti-spam mechanisms need to see mail message
	content. Some monitoring can even be part of the mitigation for PM,		content. Some monitoring can even be part of the mitigation for PM,
	for example Certificate Transparency [RFC6962] involves monitoring		for example Certificate Transparency [RFC6962] involves monitoring
	Public Key Infrastructure in ways that could detect some PM attack		Public Key Infrastructure in ways that could detect some PM attack
	techniques. There is though a clear potential for monitoring		techniques. There is though a clear potential for monitoring
	mechanisms to be abused for PM, so this tension needs careful		mechanisms to be abused for PM, so this tension needs careful
	consideration in protocol design. Making networks unmanageable to		consideration in protocol design. Making networks unmanageable to
End of changes. 4 change blocks.
	7 lines changed or deleted		7 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/