ietf

Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2013-12-11 10:26:19
On Wed, Dec 11, 2013 at 11:07 AM, Stephen Farrell
<stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> wrote:
NEW:

   Monitoring in itself can be a good thing and need not be part of
   a pervasive monitoring attack. For example, network management
   functions often require monitoring packets or flows, anti-spam
   mechanisms may need to see mail message content and some kinds
   of monitoring can be part of mitigating the pervasive monitoring
   attack, e.g. with Certificate Transparency logs. [RFC6962]
   There is though a clear potential
   for such monitoring mechanisms to be abused as part of
   pervasive monitoring, so this tension needs careful consideration in
   protocol design.  Making networks unmanageable in order to mitigate
   pervasive monitoring would not be an acceptable outcome.  But
   equally, ignoring pervasive monitoring
   would go against the consensus documented in
   this BCP.  An appropriate balance will likely emerge over time as
   real instances of this tension are considered.

Good direction. Just to be clear, the issue is not whether we will
provide tools to mitigate what appears to be an attack. We will, and
we will also design protocols to be resistant to attack. This
paragraph should be about when to use techniques, not what techniques
to incorporate into protocols.

Scott
