On Wed, Nov 27, 2013 at 12:56 PM, SM <sm(_at_)resistor(_dot_)net> wrote:
At 08:13 27-11-2013, IAB Chair wrote:
At the Vancouver IETF meeting, the IAB held a technical plenary that
discussed pervasive monitoring. The IAB believes that pervasive monitoring
represents an attack on the
The minutes for that plenary is not available at the moment. I would
appreciate if the minutes could be published.
[MB] A last round of edits (editorial clarifications) are underway right
now. The minutes will be published no later than Tuesday, December 3rd,
2013. [/MB]
Internet in as much as large amounts of information that is intended to
be confidential between sets of individuals is in fact gathered and
aggregated by third parties. Such a broad scale attack can undermine
confidence in the infrastructure, no matter the intent of those collecting
the information.
draft-farrell-perpass-attack-00 is intended to establish an IETF
community consensus on this matter. We encourage the community to read and
engage in discussion about this draft, and also to take practical measures
to limit pervasive monitoring within their environments.
In Section 1:
"that should be mitigated where possible via the design of protocols
that make pervasive monitoring significantly more expensive or
infeasible"
That sounds like an arms race [1].
"A fuller problem statement with more examples and description can be
found in [ProblemStatement]"
That document is not available.
"In particular, the term, when used technically, implies nothing about
the motivation of the bad-actor mounting the attack, who is still
called a bad-actor no matter what one really thinks about their
motivation."
The usual term in the IETF is "adversary" and not "bad-actor". "bad
actor" is sometimes defined as "contentious individual".
The Security Considerations section that the intended BCP is all about
privacy. The Introduction section mentions "illegal purposes by
criminals". I would describe the problem as having different angles; bad
people could capture the information being exchanged and use it for
nefarious purposes, nation states [2] can capture the information and use
it to find out what the people are discussing.
The draft is well-written. Given the catchy title I am left to wonder
which parts of the document is polite fiction (a social scenario in which
all participants are aware of a truth, but pretend to believe in some
alternative version of events to avoid conflict or embarrassment). In very
simplistic terms the draft says:
"consensus to design protocols so as to mitigate the attack, where
possible."
Quoting Martin Thomson: we trusted you; we were naive; never again.
Regards,
-sm
1. the continuing competitive attempt by two or more nations each to have
available to it more and more powerful weapons than the other(s).
2. http://ir.elbitsystems.com/phoenix.zhtml?c=61849&p=irol-
newsArticle&ID=1810121&highlight=