Effects of Pervasive Encryption on Operators
RFC 8404

Document Type RFC - Informational (July 2018; No errata)
Was draft-mm-wg-effect-encrypt (individual in sec area)
Last updated 2018-07-24
Stream IETF
Stream WG state (None)
Document shepherd Paul Hoffman
Shepherd write-up last changed 2018-01-22
IESG IESG state RFC 8404 (Informational)
Consensus Boilerplate No
Responsible AD Warren Kumari
Send notices to "Paul Hoffman" <paul.hoffman@vpnc.org>, warren@kumari.net, opsawg@ietf.org
IANA IANA review state Version Changed - Review Needed
IANA action state No IC
Internet Engineering Task Force (IETF)                  K. Moriarty, Ed.
Request for Comments: 8404                                      Dell EMC
Category: Informational                                   A. Morton, Ed.
ISSN: 2070-1721                                                AT&T Labs
                                                               July 2018

              Effects of Pervasive Encryption on Operators

Abstract

   Pervasive monitoring attacks on the privacy of Internet users are of
   serious concern to both user and operator communities.  RFC 7258
   discusses the critical need to protect users' privacy when developing
   IETF specifications and also recognizes that making networks
   unmanageable to mitigate pervasive monitoring is not an acceptable
   outcome: an appropriate balance is needed.  This document discusses
   current security and network operations as well as management
   practices that may be impacted by the shift to increased use of
   encryption to help guide protocol development in support of
   manageable and secure networks.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It has been approved for publication by the Internet
   Engineering Steering Group (IESG).  Not all documents approved by the
   IESG are candidates for any level of Internet Standard; see Section 2
   of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8404.

Moriarty & Morton             Informational                     [Page 1]
RFC 8404                  Effects of Encryption                July 2018

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Additional Background on Encryption Changes . . . . . . .   5
     1.2.  Examples of Attempts to Preserve Functions  . . . . . . .   7
   2.  Network Service Provider Monitoring Practices . . . . . . . .   8
     2.1.  Passive Monitoring  . . . . . . . . . . . . . . . . . . .   8
       2.1.1.  Traffic Surveys . . . . . . . . . . . . . . . . . . .   8
       2.1.2.  Troubleshooting . . . . . . . . . . . . . . . . . . .   9
       2.1.3.  Traffic-Analysis Fingerprinting . . . . . . . . . . .  11
     2.2.  Traffic Optimization and Management . . . . . . . . . . .  12
       2.2.1.  Load Balancers  . . . . . . . . . . . . . . . . . . .  12
       2.2.2.  Differential Treatment Based on Deep Packet
               Inspection (DPI)  . . . . . . . . . . . . . . . . . .  14
       2.2.3.  Network-Congestion Management . . . . . . . . . . . .  16
       2.2.4.  Performance-Enhancing Proxies . . . . . . . . . . . .  16
       2.2.5.  Caching and Content Replication near the Network Edge  17
       2.2.6.  Content Compression . . . . . . . . . . . . . . . . .  18
       2.2.7.  Service Function Chaining . . . . . . . . . . . . . .  18
     2.3.  Content Filtering, Network Access, and Accounting . . . .  19
       2.3.1.  Content Filtering . . . . . . . . . . . . . . . . . .  19
       2.3.2.  Network Access and Data Usage . . . . . . . . . . . .  20
       2.3.3.  Application Layer Gateways (ALGs) . . . . . . . . . .  21
       2.3.4.  HTTP Header Insertion . . . . . . . . . . . . . . . .  22
   3.  Encryption in Hosting and Application SP Environments . . . .  23
     3.1.  Management-Access Security  . . . . . . . . . . . . . . .  23
       3.1.1.  Monitoring Customer Access  . . . . . . . . . . . . .  24
       3.1.2.  SP Content Monitoring of Applications . . . . . . . .  24
     3.2.  Hosted Applications . . . . . . . . . . . . . . . . . . .  26
       3.2.1.  Monitoring Managed Applications . . . . . . . . . . .  27
       3.2.2.  Mail Service Providers  . . . . . . . . . . . . . . .  27
     3.3.  Data Storage  . . . . . . . . . . . . . . . . . . . . . .  28
       3.3.1.  Object-Level Encryption . . . . . . . . . . . . . . .  28


       3.3.2.  Disk Encryption, Data at Rest (DAR) . . . . . . . . .  29