ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2013-12-11 10:44:34
from [Avri Doria] [Permanent Link] 
Looks like a good language direction to me.

Avri Doria

Stephen Farrell <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> wrote:


Looking at this paragraph and the comments on it, maybe
the thing to do is to make the text talk more about
functions and try avoid tricky terminology.

So how'd a change along these lines be:

OLD:

  More limited-scope monitoring to assist with network management that
  is required in order to operate the network or an application is not
  considered pervasive monitoring.  There is though a clear potential
  for such limited monitoring mechanisms to be abused as part of
  pervasive monitoring, so this tension needs careful consideration in
  protocol design.  Making networks unmanageable in order to mitigate
  pervasive monitoring would not be an acceptable outcome.  But
  equally, ignoring pervasive monitoring in designing network
  management mechanisms would go against the consensus documented in
  this BCP.  An appropriate balance will likely emerge over time as
  real instances of this tension are considered.

NEW:

  Monitoring in itself can be a good thing and need not be part of
  a pervasive monitoring attack. For example, network management
  functions often require monitoring packets or flows, anti-spam
  mechanisms may need to see mail message content and some kinds
  of monitoring can be part of mitigating the pervasive monitoring
  attack, e.g. with Certificate Transparency logs. [RFC6962]
  There is though a clear potential
  for such monitoring mechanisms to be abused as part of
  pervasive monitoring, so this tension needs careful consideration in
  protocol design.  Making networks unmanageable in order to mitigate
  pervasive monitoring would not be an acceptable outcome.  But
  equally, ignoring pervasive monitoring
  would go against the consensus documented in
  this BCP.  An appropriate balance will likely emerge over time as
  real instances of this tension are considered.

Feedback appreciated. Probably better if that's more like "good
direction" or "bad direction" rather than immediate wordsmithing,
e.g. tweaking the examples is probably not the most important
for now.

S.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice, Scott Brim
Next by Date:  Re: Editorial thoughts on draft-farrell-perpass-attack-02, Scott Brim
Previous by Thread:  Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice, Scott Brim
Next by Thread:  Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice, Scott Brim
Indexes:  [Date] [Thread] [Top] [All Lists]