Effects of Pervasive Encryption on Operators
RFC 8404
| Document | Type |
RFC - Informational
(July 2018; No errata)
Was draft-mm-wg-effect-encrypt (individual in sec area)
|
|
|---|---|---|---|
| Last updated | 2018-07-24 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Reviews | |||
| Stream | WG state | (None) | |
| Document shepherd | Paul Hoffman | ||
| Shepherd write-up | Show (last changed 2018-01-22) | ||
| IESG | IESG state | RFC 8404 (Informational) | |
| Consensus Boilerplate | No | ||
| Telechat date | |||
| Responsible AD | Warren Kumari | ||
| Send notices to | "Paul Hoffman" <paul.hoffman@vpnc.org>, warren@kumari.net, opsawg@ietf.org | ||
| IANA | IANA review state | Version Changed - Review Needed | |
| IANA action state | No IANA Actions | ||
Internet Engineering Task Force (IETF) K. Moriarty, Ed.
Request for Comments: 8404 Dell EMC
Category: Informational A. Morton, Ed.
ISSN: 2070-1721 AT&T Labs
July 2018
Effects of Pervasive Encryption on Operators
Abstract
Pervasive monitoring attacks on the privacy of Internet users are of
serious concern to both user and operator communities. RFC 7258
discusses the critical need to protect users' privacy when developing
IETF specifications and also recognizes that making networks
unmanageable to mitigate pervasive monitoring is not an acceptable
outcome: an appropriate balance is needed. This document discusses
current security and network operations as well as management
practices that may be impacted by the shift to increased use of
encryption to help guide protocol development in support of
manageable and secure networks.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It has been approved for publication by the Internet
Engineering Steering Group (IESG). Not all documents approved by the
IESG are candidates for any level of Internet Standard; see Section 2
of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8404.
Moriarty & Morton Informational [Page 1]
RFC 8404 Effects of Encryption July 2018
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Additional Background on Encryption Changes . . . . . . . 5
1.2. Examples of Attempts to Preserve Functions . . . . . . . 7
2. Network Service Provider Monitoring Practices . . . . . . . . 8
2.1. Passive Monitoring . . . . . . . . . . . . . . . . . . . 8
2.1.1. Traffic Surveys . . . . . . . . . . . . . . . . . . . 8
2.1.2. Troubleshooting . . . . . . . . . . . . . . . . . . . 9
2.1.3. Traffic-Analysis Fingerprinting . . . . . . . . . . . 11
2.2. Traffic Optimization and Management . . . . . . . . . . . 12
2.2.1. Load Balancers . . . . . . . . . . . . . . . . . . . 12
2.2.2. Differential Treatment Based on Deep Packet
Inspection (DPI) . . . . . . . . . . . . . . . . . . 14
2.2.3. Network-Congestion Management . . . . . . . . . . . . 16
2.2.4. Performance-Enhancing Proxies . . . . . . . . . . . . 16
2.2.5. Caching and Content Replication near the Network Edge 17
2.2.6. Content Compression . . . . . . . . . . . . . . . . . 18
2.2.7. Service Function Chaining . . . . . . . . . . . . . . 18
2.3. Content Filtering, Network Access, and Accounting . . . . 19
2.3.1. Content Filtering . . . . . . . . . . . . . . . . . . 19
2.3.2. Network Access and Data Usage . . . . . . . . . . . . 20
2.3.3. Application Layer Gateways (ALGs) . . . . . . . . . . 21
2.3.4. HTTP Header Insertion . . . . . . . . . . . . . . . . 22
3. Encryption in Hosting and Application SP Environments . . . . 23
3.1. Management-Access Security . . . . . . . . . . . . . . . 23
3.1.1. Monitoring Customer Access . . . . . . . . . . . . . 24
3.1.2. SP Content Monitoring of Applications . . . . . . . . 24
3.2. Hosted Applications . . . . . . . . . . . . . . . . . . . 26
3.2.1. Monitoring Managed Applications . . . . . . . . . . . 27
3.2.2. Mail Service Providers . . . . . . . . . . . . . . . 27
3.3. Data Storage . . . . . . . . . . . . . . . . . . . . . . 28
3.3.1. Object-Level Encryption . . . . . . . . . . . . . . . 28
Moriarty & Morton Informational [Page 2]
RFC 8404 Effects of Encryption July 2018
3.3.2. Disk Encryption, Data at Rest (DAR) . . . . . . . . . 29
Show full document text