Effects of Pervasive Encryption on Operators
RFC 8404
Section | Field | Value |
---|---|---|
Document | Type | RFC - Informational (July 2018; No errata). Was draft-mm-wg-effect-encrypt (individual in sec area) |
Document | Authors | Kathleen Moriarty, Al Morton |
Document | Last updated | 2018-07-24 |
Document | Stream | IETF |
Stream | WG state | (None) |
Stream | Document shepherd | Paul Hoffman |
Stream | Shepherd write-up | last changed 2018-01-22 |
IESG | IESG state | RFC 8404 (Informational) |
IESG | Consensus Boilerplate | No |
IESG | Responsible AD | Warren Kumari |
IESG | Send notices to | "Paul Hoffman" <paul.hoffman@vpnc.org>, warren@kumari.net, opsawg@ietf.org |
IANA | IANA review state | Version Changed - Review Needed |
IANA | IANA action state | No IANA Actions |
Internet Engineering Task Force (IETF)
Request for Comments: 8404
Category: Informational
ISSN: 2070-1721

K. Moriarty, Ed., Dell EMC
A. Morton, Ed., AT&T Labs
July 2018

Effects of Pervasive Encryption on Operators

Abstract

Pervasive monitoring attacks on the privacy of Internet users are of serious concern to both user and operator communities. RFC 7258 discusses the critical need to protect users' privacy when developing IETF specifications and also recognizes that making networks unmanageable to mitigate pervasive monitoring is not an acceptable outcome: an appropriate balance is needed. This document discusses current security and network operations as well as management practices that may be impacted by the shift to increased use of encryption to help guide protocol development in support of manageable and secure networks.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This document is a product of the Internet Engineering Task Force (IETF). It has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8404.

Copyright Notice

Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1. Introduction
  1.1. Additional Background on Encryption Changes
  1.2. Examples of Attempts to Preserve Functions
2. Network Service Provider Monitoring Practices
  2.1. Passive Monitoring
    2.1.1. Traffic Surveys
    2.1.2. Troubleshooting
    2.1.3. Traffic-Analysis Fingerprinting
  2.2. Traffic Optimization and Management
    2.2.1. Load Balancers
    2.2.2. Differential Treatment Based on Deep Packet Inspection (DPI)
    2.2.3. Network-Congestion Management
    2.2.4. Performance-Enhancing Proxies
    2.2.5. Caching and Content Replication near the Network Edge
    2.2.6. Content Compression
    2.2.7. Service Function Chaining
  2.3. Content Filtering, Network Access, and Accounting
    2.3.1. Content Filtering
    2.3.2. Network Access and Data Usage
    2.3.3. Application Layer Gateways (ALGs)
    2.3.4. HTTP Header Insertion
3. Encryption in Hosting and Application SP Environments
  3.1. Management-Access Security
    3.1.1. Monitoring Customer Access
    3.1.2. SP Content Monitoring of Applications
  3.2. Hosted Applications
    3.2.1. Monitoring Managed Applications
    3.2.2. Mail Service Providers
  3.3. Data Storage
    3.3.1. Object-Level Encryption
    3.3.2. Disk Encryption, Data at Rest (DAR)