SoylentNews is people
SoylentNews
Submission Preview
RFC7258 - IEFT proposes the definition of Pervasive Monitoring as an attack
IEFT debated last year [ietf.org] the group's position in regards with Pervasive Monitoring, and this RFC seems to be the first step: it proposes the official inclusion of the Pervasive Monitoring in the list of recommendations of RFC 3552 [ietf.org] (namely: "Guidelines for Writing RFC Text on Security Considerations") so that future protocol specifications and/or updates superseding older RFC will address pervasive monitoring specifically.
From the RFC text:
Pervasive Monitoring (PM) is widespread (and often covert) surveillance through intrusive gathering of protocol artefacts, including application content, or protocol metadata such as headers. Active or passive wiretaps and traffic analysis, (e.g., correlation, timing or measuring packet sizes), or subverting the cryptographic keys used to secure protocols can also be used as part of pervasive monitoring. PM is distinguished by being indiscriminate and very large scale, rather than by introducing new types of technical compromise.
The IETF community's technical assessment is that PM is an attack on the privacy of Internet users and organisations. The IETF community has expressed strong agreement that PM is an attack that needs to be mitigated where possible, via the design of protocols that make PM significantly more expensive or infeasible. Pervasive monitoring was discussed at the technical plenary of the November 2013 IETF meeting [IETF88Plenary [ietf.org]] and then through extensive exchanges on IETF mailing lists. This document records the IETF community's consensus and establishes the technical nature of PM.
Well, engineering problem addressed by engineering means? Good chances solutions will emerge.
