Effect of Pervasive Encryption
draft-mm-wg-effect-encrypt-08

Document type: Active Internet-Draft (individual in sec area)
Last updated: 2017-03-16 (latest revision 2017-03-10)
Stream: IETF
Intended RFC status: Informational
Stream WG state: (None)
Document shepherd: Paul Hoffman
Shepherd write-up: last changed 2017-02-15
IESG state: IESG Evaluation::Revised I-D Needed
Consensus boilerplate: Yes
Telechat date:
Has 2 DISCUSSes. Has enough positions to pass once DISCUSS positions are resolved.
Responsible AD: Stephen Farrell
Send notices to: "Paul Hoffman" <paul.hoffman@vpnc.org>, warren@kumari.net
IANA review state: IANA OK - No Actions Needed
IANA action state: None

Network Working Group                                        K. Moriarty
Internet-Draft                                                  Dell EMC
Intended status: Informational                                 A. Morton
Expires: September 11, 2017                                    AT&T Labs
                                                          March 10, 2017

                     Effect of Pervasive Encryption
                     draft-mm-wg-effect-encrypt-08

Abstract

   Increased use of encryption impacts operations for security and
   network management, causing a shift in how these functions are
   performed.  In some cases, new methods to both monitor and protect
   data will evolve.  In other cases, the ability to monitor and
   troubleshoot could be eliminated.  This draft includes a collection
   of current security and network management functions that may be
   impacted by the shift to increased use of encryption.  This draft
   does not attempt to solve these problems, but rather documents the
   current state to assist in the development of alternate options to
   achieve the intended purpose of the documented practices.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 11, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of

Moriarty & Morton      Expires September 11, 2017               [Page 1]
Internet-Draft            Effect of Encryption                March 2017

   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Network Service Provider Monitoring . . . . . . . . . . . . .   5
     2.1.  Middlebox Monitoring  . . . . . . . . . . . . . . . . . .   5
       2.1.1.  Load Balancers  . . . . . . . . . . . . . . . . . . .   5
       2.1.2.  Traffic Analysis Fingerprinting . . . . . . . . . . .   6
       2.1.3.  Traffic Surveys . . . . . . . . . . . . . . . . . . .   6
       2.1.4.  Deep Packet Inspection (DPI)  . . . . . . . . . . . .   7
       2.1.5.  Connection to Proxy for Compression . . . . . . . . .   8
       2.1.6.  Mobility Middlebox Content Filtering  . . . . . . . .   8
       2.1.7.  Access and Policy Enforcement . . . . . . . . . . . .   9
     2.2.  Network Monitoring for Performance Management and
           Troubleshooting . . . . . . . . . . . . . . . . . . . . .  11
   3.  Encryption in Hosting SP Environments . . . . . . . . . . . .  11
     3.1.  Management Access Security  . . . . . . . . . . . . . . .  12
       3.1.1.  Customer Access Monitoring  . . . . . . . . . . . . .  12
       3.1.2.  Application SP Content Monitoring . . . . . . . . . .  13
     3.2.  Hosted Applications . . . . . . . . . . . . . . . . . . .  14
       3.2.1.  Monitoring needs for Managed Applications . . . . . .  15
       3.2.2.  Mail Service Providers  . . . . . . . . . . . . . . .  15
     3.3.  Data Storage  . . . . . . . . . . . . . . . . . . . . . .  16
       3.3.1.  Host-level Encryption . . . . . . . . . . . . . . . .  16
       3.3.2.  Disk Encryption, Data at Rest . . . . . . . . . . . .  17
       3.3.3.  Cross Data Center Replication Services  . . . . . . .  17
   4.  Encryption for Enterprises  . . . . . . . . . . . . . . . . .  18
     4.1.  Monitoring Needs of the Enterprise  . . . . . . . . . . .  18
       4.1.1.  Security Monitoring in the Enterprise . . . . . . . .  18
       4.1.2.  Application Performance Monitoring in the Enterprise   19
       4.1.3.  Enterprise Network Diagnostics and Troubleshooting  .  20
     4.2.  Techniques for Monitoring Internet Session Traffic  . . .  21