The (very) related document that I had mentioned is:
Effect of Pervasive Encryption on Operators
              draft-mm-wg-effect-encrypt

This discusses "current security and network management practices that
may be impacted by the shift to increased use of encryption to help
guide protocol development in support of manageable, secure networks."
It is trying to just note that some information which operators may
have been using becomes unavailable when there is pervasive encryption,
and that things like tools / management will need to change as a
result.

W

On Mon, Nov 13, 2017 at 5:09 PM, Christopher Morrow
<[email protected]> wrote:
> If the goal of the draft is to raise awareness that:
>   "things are changing, old tools (tcpdump, etc) are not going to be as
> useful for network troubleshooting when more of the packet is encrypted"
>
> That's a fine goal, but statements in the draft like:
>
> " Encryption of the transport layer brings some well-known privacy and
>    security benefits, but also introduces various costs that need to be
>    considered."
>
> maybe 'considered' there should be: "planned for" ... There's also this:
>
>   "Pervasive use of transport header encryption can impact the ways that
>    protocols are designed, standardised, deployed, and operated.  The
>    choice of whether future transport protocols encrypt their protocol
>    headers therefore needs to be taken based not solely on security and
>    privacy considerations, but also taking into account the impact on
>    operations, standards, and research."
>
> From an operations perspective it seems that better/different tools is still
> the end result of these changes. Holding back the tide of better privacy for
> users in favor of not producing tooling to solve operations problems seems
> contradictory to a better world for users.
>
>
>
> _______________________________________________
> OPSEC mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/opsec
>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
