IETF RFC 4041 - Requirements for Morality Sections in Routing Area Drafts →

April 07, 2021 by Marc Handelman in IETF, Request For Comments, RFC, IETF Humor, Hmmmmmm, Bizarre RFCs

Network Working Group

A. Farrel Request for Comments: 4041

Old Dog Consulting

Category: Informational

1 April 2005

Requirements for Morality Sections in Routing Area Drafts

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Abstract

It has often been the case that morality has not been given proper consideration in the design and specification of protocols produced within the Routing Area. This has led to a decline in the moral values within the Internet and attempts to retrofit a suitable moral code to implemented and deployed protocols has been shown to be sub-optimal.

This document specifies a requirement for all new Routing Area Internet-Drafts to include a "Morality Considerations" section, and gives guidance on what that section should contain.

Introduction

It is well accepted by popular opinion and other reliable metrics that moral values are declining and that degeneracy is increasing. Young people are particularly at risk from the rising depravity in society and much of the blame can be squarely placed at the door of the Internet. If you do not feel safe on the streets at night, what do you think it is like on the Information Superhighway?

When new protocols or protocol extensions are developed within the Routing Area, it is often the case that not enough consideration is given to the impact of the protocol on the moral fiber of the Internet. The result is that moral consequences are only understood once the protocols have been implemented, and sometimes not until after they have been deployed.

Farrel Informational [Page 1]

RFC 4041 Routing Morality Section Requirements 1 April 2005

The resultant attempts to restore appropriate behavior and purge the community of improper activities are not always easy or architecturally pleasant. Further, it is possible that certain protocol designs make morality particularly hard to achieve.

Recognising that moral issues are fundamental to the utility and success of protocols designed within the IETF, and that simply making a wishy-washy liberal-minded statement does not necessarily provide adequate guarantees of a correct and proper outcome for society, this document defines requirements for the inclusion of Morality Considerations sections in all Internet-Drafts produced within the Routing Area. Meeting these requirements will ensure that proper consideration is given to moral issues at all stages of the protocol development process, from Requirements and Architecture, through Specification and Applicability.

The remainder of this document describes the necessary subsections of the Morality Considerations sections, and gives guidance about what information should be contained in those subsections.

1.1. Conventions Used in This Document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

The key words "SHALT", "SHALT NOT", "SMITE", and "PILLAR OF SALT" in this document are to be interpreted as expected.

Presence and Placement of Morality Considerations Sections

2.1. Null Morality Considerations Sections

It may be the case that the authors of Internet-Drafts have no or few morals. This does not relieve them of their duty to understand the consequences of their actions.

The more likely an author is to say that a null Morality Considerations section is acceptable, the more pressure must be exerted on him by the Area and the appropriate Working Group to ensure that he gives full consideration to his actions, and reflects long and hard on the consequences of his writing and the value of his life.

On the other hand, some authors are well known to have the highest moral pedigree: a fact that is plainly obvious from the company they keep, the Working Groups they attend, and their eligibility for NomCom. It is clearly unnecessary for such esteemed persons to waste

Farrel Informational [Page 2]

RFC 4041 Routing Morality Section Requirements 1 April 2005

effort on Morality Considerations sections. It is inconceivable that anything that they write would have anything other than a beneficial effect on the Routing Area and the Internet in general.

2.2. Mandatory Subsections

If the Morality Considerations section is present, it MUST contain at least the following subsections. The content of these subsections is surely self-evident to any right-thinking person. Further guidance can be obtained from your moral guardian, your household gods, or from any member of the IMM (Internet Moral Majority).

Likelihood of misuse by depraved or sick individuals. This subsection must fully address the possibility that the proposed protocols or protocol extensions might be used for the distribution of blue, smutty, or plain disgusting images.
Likelihood of misuse by misguided individuals. There is an obvious need to protect minors and people with misguided thought processes from utilising the protocols or protocol extensions for purposes that would inevitably do them harm.
Likelihood of misuse by large, multi-national corporations. Such a thought is, of course, unthinkable.
Availability of oversight facilities. There are those who would corrupt our morals motivated as they are by a hatred of the freedom of Internet access with which we are graced. We place a significant burden of responsibility on those who guard our community from these evil-doers and it is only fitting that we give them as much support as is possible. Therefore, all encryption and obfuscation techniques MUST be excluded - individuals who have nothing to hide need to fear the oversight of those whose morals are beyond doubt.
Inter-SDO impact. We must allow for other moral frameworks and fully respect other people's right to subscribe to other belief systems. Such people are, however, wrong and doomed to spend eternity in a dark corner with only dial-up access. So it has been written.
Care and concern for avian carriers. A duck may be somebody's mother.

Even if one or more of these subsections are considered irrelevant, they MUST all still be present, and MUST contain a full rebuttal of this deviant thought.

Farrel Informational [Page 3]

RFC 4041 Routing Morality Section Requirements 1 April 2005

2.3. Optional Subsections

Additional subsections may be added to accommodate zealots.

2.4. Placement of Morality Considerations Sections

The Morality Considerations section MUST be given full prominence in each Internet Draft.

Applicability Scenarios

This section outlines, by way of example, some particular areas that are in dire need of reform and where a short, sharp shock could make a really big difference.

3.1. Provision of Services

We must do our utmost to ensure that services are delivered in a timely and reliable way. Emphasis should be placed on Quality of Service (QoS) and meeting the needs of the consumer of the service.

Arrangements should be made for regular provision of services, and sermons should be to the point and contain a strong moral message.

3.2. Political Correctness (PC)

Political correctness has gone too far. This problem can be traced way back to the 1970s when the desktop PC was invented. It is necessary for Internet-Drafts to observe a form of political correctness, but note that you do not always have to mean what you say.

3.2.1. Differentiated Services

Segregation of packets on the grounds of color is now banned and Internet-Drafts must not make use of this technique.

If you follow all of the recommendations in this document, you will find that "packets of color" (as we must now refer to them) tend to avoid your points of presence, and you will no longer be troubled by them.

3.2.2. Jumbo Packets

It is no longer appropriate to refer to "jumbo packets". Please use the term "capacitorially challenged".

Farrel Informational [Page 4]

RFC 4041 Routing Morality Section Requirements 1 April 2005

3.2.3. Byte Ordering

Note that within Internet-Drafts, bytes (and bits) progress from the left to the right. This is how things should be.

3.3. Protection or Abstinence

Much has been made recently of the need to provide protection within the Internet. It is the role of the IMM to determine when protection is required, and the role of the IESG bulldogs to ensure that we are all protected.

However, protection is only one way to prevent unplanned outages and, as we all know, the ready availability of protection schemes such as 1:1 (one-on-one) or 1:n (orgy-mode) have lead to a belief that it is acceptable to switch (or swing) at will. It should be noted that protection can fail, and under no circumstances should extra traffic be countenanced.

In reality, the only safe way to avoid passing data to your friends is to agree to pledge to have no control plane before marriage. Join our campaign and sign up for the SONET Ring Thing.

3.4. Promiscuity

Various disgusting protocols indulge in promiscuity. This appears to happen most often when an operator is unwilling to select a single partner and wants to play the field.

Promiscuous modes of operation are an abomination, exceeded only by multicast.

Terminology

Admission Control The caring investigative arm of the IMM.

Doom Port 666. Need we say more?

ECMP What is this? Some kind of Communism?

Money The root of all evil.

Farrel Informational [Page 5]

RFC 4041 Routing Morality Section Requirements 1 April 2005

MPLS What is with this "layer two-and-a-half" nonsense? The world is flat, just accept the fact.

Packet Switching Sounds like fraud to me.

Path The route of all LSPs.

Policy Control The administrative arm of the IMM.

Random Walk Substance abuse is to be avoided.

Rendezvous Point Poorly lit street corner. Not to be confused with the root of all multicast.

Standard Body What we should all strive for.

Strawberry Ice Cream Something that wills the void between rational discussion and all-out thermo nuclear war [SCREAM].

Morality Considerations

The moral pedigree of the author of this document places him and his writings beyond question.
IANA Considerations

IANA should think carefully about the protection of their immortal souls.
Security Considerations

Security is of the utmost importance.

A secure Internet community will ensure the security of all of its members.

Farrel Informational [Page 6]

RFC 4041 Routing Morality Section Requirements 1 April 2005

Acknowledgements

I would like to thank my guru Alex Dipandra-Zinin.

Jozef Wroblewski, who clearly knows promiscuous behavior when he sees it, pointed out some of the dangers in promiscuous operation.

No avian carriers were harmed in the production of this document.
Intellectual Property Considerations

Property is theft. What is yours is mine. What is mine, you keep your hands off.
Normative References

I don't need to be told how to formulate my morals.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
```
Requirement Levels", BCP 14, RFC 2119, March 1997.
```
Informative References

To be frank, I don't find many other documents informative.

[SCREAM] Farrel, A., "Observations on Proposing Protocol
```
Enhancements that Address Stated Requirements but also go
    Further by Meeting more General Needs", Work in Progress,
    June 2003.
```

Author's Address

Adrian Farrel Old Dog Consulting

Phone: I'm not telling you that. Why do you ask, anyway? EMail: adrian@olddog.co.uk

Farrel Informational [Page 7]

RFC 4041 Routing Morality Section Requirements 1 April 2005

Full Copyright Statement

This document is subject to the rights, licenses and restrictions contained in BCP 78 and at www.rfc-editor.org/copyright.html, and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- ipr@ietf.org.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.

Farrel Informational [Page 8]

Protocol Police: The RFC →

April 07, 2021 by Marc Handelman in IETF, Request for Comments, RFC, IETF Humor, Hmmmmmm

Independent Submission G. Grover Request for Comments: 8962
Category: Informational N. ten Oever ISSN: 2070-1721
C. Cath

S. Sahib
                                                        1 April 2021


                Establishing the Protocol Police

Abstract

One mantra of the IETF is, "We are not the Protocol Police." However, to ensure that protocols are implemented and deployed in full compliance with the IETF's standards, it is important to set up a body that is responsible for assessing and enforcing correct protocol behavior.

This document formally establishes the Protocol Police. It defines the body and sets out what aspects of IETF protocols they will police. This document acts as a point of reference for networking engineers, law enforcement officials, government representatives, and others. It also provides advice on how to report issues to the Protocol Police.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not candidates for any level of Internet Standard; see Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8962.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Table of Contents

Introduction
Definitions
Composition of the Protocol Police 3.1. Recognizing the Protocol Police 3.2. Recruitment
Support for the Protocol Police
Punishable Offenses 5.1. Protocol-Layer Violations 5.2. Deliberate Non-Interoperability 5.3. Disobeying RFCs
Reporting Offenses
Punishment 7.1. Traffic Imprisonment
Morality Considerations 8.1. Oversight
IANA Considerations
Security Considerations
Privacy Considerations
Human Rights Considerations
Conclusion
Informative References Acknowledgments Authors' Addresses

Introduction

IETF participants are often confronted with circumstances where developers or deployers choose to not obey the sacrosanct words of an RFC. This can lead to outcomes that are widely agreed to be unexpected, unwarranted, or undesirable.

Some are of the opinion that IETF participants should come to a consensus and declare what protocol behavior is unacceptable, and that the maintainers and developers of non-compliant protocols should be chastised. Others (especially working group chairs) non- gracefully fall back on the undocumented mantra, "We [or the IETF] are not the Protocol Police." Understandably, this has led to confusion about who should make judgments about proper interpretation of protocol specifications.

This document formally establishes the Protocol Police, hitherto undocumented at the IETF. It defines the body and sets out what aspects of IETF protocols they will police. This document acts as a point of reference for networking engineers, law enforcement officials, government representatives, and others. It also provides advice on how to report issues to the Protocol Police.

The Protocol Police, as defined in this document, are responsible for enforcing all IETF standards and best practices.
Definitions

For possibly the first time in IETF history, words like "SHALL" and "MAY" are used in this document in their real and enforceable sense.
Composition of the Protocol Police

The Protocol Police shall be selected by the IETF Nominating Committee (NomCom) as laid out in [RFC3797] in a manner similar to that used to select the IAB and IESG [RFC8713].

However, the members of the Protocol Police shall not be publicly named. This will enable them to operate more effectively and without interference or unwarranted pressure from members of the community. The first rule of the Protocol Police is $CIPHERTEXT.

3.1. Recognizing the Protocol Police

When more than one person says, "We are not the Protocol Police," at least one of them is not telling the truth.

The Protocol Police love company and are never alone.

You are not the Protocol Police: we are. We are not the Protocol Police: you are.

3.2. Recruitment

If you are interested in joining the Protocol Police, contact your localhost. Your behavior will be monitored, and your implementation will be analyzed for full RFC compliance. If your deeds, both now and in the past, are recognized to be true to the scripture, NomCom will of course be instructed to induct you to the ranks. But if you have transgressed, any information the investigation produces MAY be used against you in future proceedings.

In making an assessment of your suitability for membership of the Protocol Police, contact may be made on your behalf with the Internet Moral Majority [RFC4041].

If you have nothing to hide, you have nothing to fear.

Support for the Protocol Police

Support for the existence and operation of the Protocol Police is essential to the concept of "policing by consent." Fortunately, the IETF community and all stakeholders may now consider themselves served by this document which, by dint of its existence, warrants adherence.
Punishable Offenses

5.1. Protocol-Layer Violations

Some boundaries must not be crossed. There are no acceptable layer violations. Even though layers, like borders, are ambiguous abstractions only serving to uphold the legitimacy and identity of the institutions that produce them, they shall be observed and defended because the Protocol Police exist to defend them.

5.2. Deliberate Non-Interoperability

The Protocol Police are sanctioned to gain access to any walled garden that undermines interoperability. At the same time, the Protocol Police will defend legacy interoperability options in all NTP eras (see Section 6 of [RFC5905]), and will be reachable via the Extensible Messaging and Presence Protocol (XMPP) until at least era 2147483649.

5.3. Disobeying RFCs

In the beginning was the RFC, and the network was with the RFC, and the RFC was with the network. Through the RFC all things were made; without the RFC nothing was made that has been made. In the network was life, and that life was the light of all the INTERNET. Thou shalt not deviate from the path set out in the RFCs or else thou shall be scattered over the data plane.

Reporting Offenses

Send all your reports of possible violations and all tips about wrongdoing to /dev/null. The Protocol Police are listening and will take care of it.
Punishment

7.1. Traffic Imprisonment

The Protocol Police will maintain a list of hosts and clients that have demonstrated their inability to comprehend simple commandments contained in RFCs, which all IETF participants know to be precise and accessible even to a general audience.

If this work is standardized, IANA is requested to register the list of addresses (see Section 9). For a period specified in an official notification, all other networks SHALL drop all network packets originating from or intended for such addresses. This will result in effective and forced confinement of criminal networks.

Using powerful machine-learning mechanisms for threat analysis, the Protocol Police will identify networks that are likely to fail to comply with this requirement. This process is known as Heuristic Internet Policing (HIP). Networks identified in this way will be disciplined by the Protocol Police with TCP RSTs. Let it be known: the Protocol Police always shoot from the HIP.

Morality Considerations

This section contains morality considerations consistent with the demands of [RFC4041].

| We reject: kings, presidents and voting. | We believe in: rough consensus and running code. | We only bow down to: the Protocol Police. |
| -- My friend Dave

| Woop-woop! This is the Protocol Police! | Woop-woop! That's the packet of the beast! |
| -- KRS-ZERO (after spotting an evil bit [RFC3514])

8.1. Oversight

All police forces must be accountable and subject to oversight. The Protocol Police take full responsibility for oversight of their actions and promise to overlook all activities.

IANA Considerations

If this work is standardized, IANA shall set up a registry for criminal networks and addresses. If the IANA does not comply with these orders, the Protocol Police shall go and cry to ICANN before becoming lost in its bureaucracy.
Security Considerations

Before the Protocol Police, there was no security. The Police have arrived. All your networks are belong to us.
Privacy Considerations

None.
Human Rights Considerations

There are none for you to worry about. The Police will see to it.
Conclusion

Case closed.

Informative References

[RFC3514] Bellovin, S., "The Security Flag in the IPv4 Header",

RFC 3514, DOI 10.17487/RFC3514, April 2003,
     <https://www.rfc-editor.org/info/rfc3514>.

[RFC3797] Eastlake 3rd, D., "Publicly Verifiable Nominations

Committee (NomCom) Random Selection", RFC 3797,
     DOI 10.17487/RFC3797, June 2004,
     <https://www.rfc-editor.org/info/rfc3797>.

[RFC4041] Farrel, A., "Requirements for Morality Sections in Routing

Area Drafts", RFC 4041, DOI 10.17487/RFC4041, April 2005,
     <https://www.rfc-editor.org/info/rfc4041>.

[RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,

"Network Time Protocol Version 4: Protocol and Algorithms
     Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010,
     <https://www.rfc-editor.org/info/rfc5905>.

[RFC8713] Kucherawy, M., Ed., Hinden, R., Ed., and J. Livingood,

Ed., "IAB, IESG, IETF Trust, and IETF LLC Selection,
     Confirmation, and Recall Process: Operation of the IETF
     Nominating and Recall Committees", BCP 10, RFC 8713,
     DOI 10.17487/RFC8713, February 2020,
     <https://www.rfc-editor.org/info/rfc8713>.

Acknowledgments

Members of the Protocol Police MUST salute and ACK all network traffic from Daniel Kahn Gillmor, Mallory Knodel, and Adrian Farrel.

Authors' Addresses

Gurshabad Grover

Email: gurshabad@cis-india.org

Niels ten Oever

Email: mail@nielstenoever.net

Corinne Cath

Email: corinnecath@gmail.com

Shivan Kaul Sahib

Email: shivankaulsahib@gmail.com

via

TLS 1.3 Final Finalized, Finally

August 15, 2018 by Marc Handelman in ISOC, Infosec Policy, IETF, TLS

Truly astonishing the length of time our beloved (Hmmmmmm) IETF takes to remediate the suborg's own bad decisions with a stop-gap measure...

The Forward Secrecy Chronicles, TLS 1.3 Hath Garnered Favor →

April 02, 2018 by Marc Handelman in TLS, Information Security, ISOC, IETF, Network Security, Network Protocols

Good news for mankind (and their AI minions) traversing the web's winding corridors of nattering decreptitude and bubbling evil, Transport Layer Security 1.3 has won approval by the Gods of the IETF, with narry a bleat of negativity. Rejoice!

IETF Network Working Group Slated to Consider The Holy Hand Grenade of Antioch (aka draft-camelot-holy-grenade-00) →

March 27, 2018 by Marc Handelman in IETF, ISOC

Here it 'tis, in it's entirety (also available in TXT, HTML et cetera...)

Network Working Group A. Pendragon Internet-Draft Camelot Updates: 8140 (if approved) March 23, 2018 Intended status: Informational
Expires: September 24, 2018

The Holy Hand Grenade of Antioch draft-camelot-holy-grenade-00 Abstract The menagerie of beasts and artefacts depicted in RFC8140 may be usefully supplemented by other renowned figures of Internet and more general lore. This document extends the menagerie to the seminal fable of the "Holy Hand Grenade of Antioch", as depicted in the Monty Python film "Monty Python and the Holy Grail", as well as "Spamalot", the musical inspired by the movie. Spamalot The relevance of the musical "Spamalot" to Internet lore should be obvious to the reader; but in case of doubt, see also Section 1 ("What is Spam*?") of RFC2635. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on September 24, 2018. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Table of Contents

1. Terminology
2. Introduction
3. The French-occupied castle
4. The Mythos of Caerbannog
    4.1. The Killer Rabbit of Caerbannog
    4.2. Holy Hand Grenade of Antioch
5. Dramatis Personae
    5.1. Past the Killer Rabbit
6. IANA Considerations
7. Security Considerations
8. References
    8.1. Normative References
    8.2. Informative References
Index
Author's Address

Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

Introduction

[RFC8140] refers to the intended move of RFC formatting to XML2RFC v3 [RFC7990], in the following terms:

Although the RFC Editor has recently dragged the IETF kicking and screaming into the twentieth century [RFC7990] [RFC7996], there is a yearning among all right-thinking Internet architects to "keep it simple" and to return to the olden days when pigs could be given thrust without anyone taking undue offence.

-- A. Farrel

While no pigs, flying or otherwise, are involved in the transition to RFC XML v3, it is opportune to enhance the [RFC8140] legendarium in the service of RFC XML v3, by illustrating its functionality through references to the mythology of Camelot, and particularly the incidents at the Cave of Caerbannog.

The screaming move into the twenty-first century is accompanied by a move back to the late twentieth century, with ASCII stylings more wonted in haunts like ftp://ftp.wwa.com/pub/Scarecrow (known to be accessible in 1996.)

There are two references to rabbits in Monty Python and the Holy Grail which are expounded on herewith:

Trojan Rabbit

In their siege of the French-occupied castle which may already contain an instance of the Grail, Sir Bedevere the Wise proposes to use a Trojan Rabbit to infiltrate the castle, with a raiding party to take the French "not only by surprise, but totally unarmed."
The proposal, unsurprisingly, proved abortive. The more so as the raiding party forgot to hide within the Trojan Rabbit, before the French soldiers took the Trojan Rabbit inside the castle.

Killer Rabbit of Caerbannog

Guarding the entrance to the Cave of Caerbannog; see Section 4.

The French-occupied castle

The participants of that renowned exercise in cross-cultural communication, to wit the exchange between the Knights of the Round Table and the taunting French soldiers serving under Guy de Lombard are, properly speaking, outside the scope of this menagerie, being more or less human. Notwithstanding, several^ish^ beasts both animated and wooden played a significant part in this encounter; most notably:

The Projectile Cow, see Figure 1
The Trojan Rabbit, see Figure 2

.-.-.-.-.-.-.-.-.-.-.-.--.-.-.-.-.-.-.--.-.-.-.-.-.-.-.--.-.

..-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-…-.-.--..-.-.-.-.-.-..--.- ,..,.,.,.,.,..,.,,..,.,.,.,.,.,, ^^ .,,.,., ^^ .,.,.,.= >-.-.-.-.>>>.-.-.-.-.-.-.-. \\ .,.,. /// .-.-.-.-. .,.,.,.,..,.,..,.,.,..,.,.,,..,., \ ___/ / .,.,.,., .,.,.,.,..,.,.,.,..,,..,,.,.,.,.,. <[ data-preserve-html-node="true" {o} . ]> # .,.,.,. .-.-.--.-.-.-.-.-.--.-.-.-.--.-.-. [ __] .-.-.-. .-.--.-.-.-.--.-.-.-.--.-.-.,.,., / [ ! ‘ ‘! .,.,..,.,.- .,.,.,.-.-,l,-,l.-,.,.,.,-.,. / {!MOO!] . ., . . , .-.-.-.-.-.-.-.-.-.-.-.-.-.- /M / -.-<>.,.,..-.-, .-.-.--.-.-.-.-.-.-.-.-.--.. /MI LK_ .-.-.-.-.-. .-.-.-.--.-.-.-.-.-.-.-.-.- /MILK mil__k ,.,.,..-,- .-,-.-,-.,-.-,-.-.-/-.. // - // .-.p . .-.-. .-.--.-.-.-.-.-.-.-. // ., // .-.-.-.-.-.-.-.- .-.-.--.-.-.-.-.-.-. %_============ .-.-.--.-.-.-.-.- -.-.-.-.--.-.-.-.-.-. ! ! .,-.-.-,-,--,-.-,- ,--.-.-,--.--.-.,--, \ \ .-,-,--.-,--,-.---,-.-, ,-.-.-,-,-.-,-,-.--, + > .-,--,-.--,-,-.-.-,--,- ,--.-,--,-,--.---,- .-,-,--.--,--,-.---,-,-.-. .,.,.,.,..,.,.,.{A\ .,.,.,.,..,.,.,.,.,.,..,.,.,.,..,., .,.,.,.,.,.,.{GLASS\ .,..,.,.,.,.,..,.,.,.,.,.,.,..,.,.,. ,..,.,,.,,.,{OF|MILK..,.,.,.,.,..,.,.,.,.,.,..,.,.,.,.,.,. ,.,..,.,,.,{ISWORTH},.,.,..,.,.,.,.,..,..,.,.,..,.,.,.,.,.,. .,.,.,.,.{EVERYTNG}.-.-.--..-.-.-.-.--..--.-.-.-.-.--.-.-.-. -.-.-.-{FORINFANTS}-----___--(0~`~.,.,.,.,><><. data-preserve-html-node="true"><> -__-{BUTBETTER}-.-,-,-,-,-,-,-,-,.-^^^^.-.-.-.-.^^^7>>>,., .....{WITHHONEY}-.-.-.-.-.-.-.-.-.-.-.RANDOM(BUSH)SHRUBS>> GRASS_GRASS_GRASS_GRASS_GRASS_SOMEROCKS>GRASS>GRASSPC SOIL_ROOTS_SOIL_SOIL_ROCKS_SOIL_GRASS_GRASS_GRASS_ROCKS CLAY_ROCKS_REBBLES_CLAY_CLAY_CLAY_CLAY_GOLD_CLAY_CLAY>< CLAY_CLAY_SKLETONS_MORESOIL_CLAY_CLAY_CLAY_CLAY_CLAY_VR

Figure 1: The Projectile Cow with an accompanying cannon

___  ____
                      //_ \//\__\
                        || ||  |
                     -__||_||__|
                   //         \--_
                  //     ____     --___
                 //     //   \         \-_
                //      \\  @/        o ||
               //        ----      _____||
              //                   //
         //\_//__                 //
       //--  --- \____           //
      //          --- \______   //
     //   , .          ----- \_//_
    //       ,.               --- \____
   //              .,v             --- \___
  //                                 __ -- \_
 ||  ,         _______________       //||     |-_
 ||           |   |''''''''''|     // ||     |  |
 ||     '     |   |          |        ||     |  |
 ||           |   |          |        ||     |  |
 ||      "    |   | 0        |     ___||___  |  |
 ||           |   |          |     --------  |  |
 ||___        |   |          |        ______ |  |-
//     \      |   |          |       //     \| _| \

// \ |---|__|__// \/ | || X | / || X | / \ /\_/ \ // \_/ ----- \_/---

-----                                -----

Figure 2: The Trojan Rabbit with an automatic sliding door

While the exchange at the French-occupied castle is one of the more memorable scenes of Monty Python and the Holy Grail, the Trojan Rabbit has not reached the same level of cultural resonance as its more murderous counterpart. Reasons for this may include:

[CREF1]

Less overall screen-time dedicated to the Trojan Rabbit.
The Trojan Rabbit as projectile has already been anticipated by the Cow as projectile.

The exchange of projectile animals was the beginning of a long-running fruitful relationship between the British and the French peoples, which arguably predates the traditional English enmity with the French.

The Mythos of Caerbannog

The Cave of Caerbannog has been well-established in the mythology of Camelot (as recounted by Monty Python) as the lair of the Legendary Black Beast of Arrrghhh, more commonly known today as the Killer Rabbit of Caerbannog Section 4.1. It is the encounter between the Killer Rabbit of Caerbannog and the Knights of the Round Table, armed with the Holy Hand Grenade of Antioch (see the following section), that we recount here through monospace font and multiple spaces. 4.1. The Killer Rabbit of Caerbannog

The Killer Rabbit of Caerbannog, that most formidable foe of the Knights and of all that is holy or carrot-like, has been depicted diversely in lay and in song. We venture to say, contra the claim made in Section 4.1 of Ze Vompyre, that the Killer Rabbit of Caerbannog truly is the most afeared of all the creatures. Short of sanctified ordnance such as Holy Hand Grenade of Antioch, there are few remedies known against its awful lapine powers.

The following depiction of the fearsome beast has been sourced from Rabbit-SCII, accompanied by C code that was used in this accurate depiction of the Killer Rabbit:

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\^^^^^^^^^^^^^^^^^^^^^^\\\\\\\\\ \\\\\\\\\\<<#MWSHARPMWMWMWTEETHWMWWM data-preserve-html-node="true">>>\\\\\\ \\\\\\\\<<<#WMMWMWDEEPMDARKWCAVEMWWMMWM## data-preserve-html-node="true">>>>\\\\ \\\\\\\<<#WMWMWMWMWWM data-preserve-html-node="true"/^MWMWMWMWMWMW^WMWMWMMW#>>>\\\ \\\\\\<<#WMWMBEASTMW data-preserve-html-node="true"// \MWABBITWMW/ \MWMWMWMW##\\\\ \\\\\##MWMWMMWMWMWMWM\ \MWMWMWMW/ /MWMWMWMWM##\\\ \\\\##WMWMWMWMMWMWMWMWM\ \MWMWMW/ /MWMWMWMMWMWMWM##\ \\\##MWMMRAVENOUSMWMWMWM\ \====/ /MWMRABBITMWMWMWMW## \\\##MWMWMWMWMMWMWMWMWMW[[ ]WMWMWMMWMWMWMWMWMW \\##MWMWMWMWCARNIVOROUSW[[ 3 3 ]MWMWTOOMDARKWMWMMW \\##MWMWDARKMWMWMWMWMWMWM//\ o /MWMWMWMMWMWMWMMWMWM \##MWMWMMKILLERABBITWMWMM//| _vv_/ \WMPITCHWBLACKWMWMW ##MWMWMWMMWMWMWMWMWMMWMW// | -^^-/ |MWMWMWMMWMWMWMWMWM MWMWMWMMWMWVERYMDARKWMMW// | |MWMCAERBANNOGWMWMW MWMWMWMMWMWMWMWMWMWMWMM{{ / /MWMWMMWMWMWMWMWMWM MULTRADARKWMWMHELPMWMWMW\ \ | | |MWMCANMMWMWMWMMWMWW MWMWMWMWMMWMWMWMWMMWMWMWM\ | |_ | |WMWMMYOUMWMMWWMWMW MWMMWMWMWMWMBLACKWMWMWMWWM\|------\-\MWMWMWMREADMWMWWM MWMWMWMMWMWMWMWMMWMWMWWMWMWMWMMWMWMWMWMWMWMWMWMWMWMWMMTHISWW MWVERYMMSCARYMWMWWMWMMWMWMWMWMWMWMWMWMWMWMWMWWMWMMWMWIWM'.', MWMWMMWMW======MWMMCANTWSEEMAMTHINGMMWMWMWMWMWMWMBETMMW. MWMWMWM// SKULL \MWMWMWMMWSCREAMMMWMWMWMMWMNOTMWMWMWW . \ MWMWMW|| |X||X| |MWMWCALLMMEWMMWMWMMWMWMWMWWM - ~ . , ' MWMWMW||_ O |MWMWMWMMWMWMWMWMMW' ___// -^- MWMWMW \|||||MWMW ' . . <_|_|_||_|__| data-preserve-html-node="true" \O/ MW \\/\||v v|| -\\-------___ . ., \ | \\| \_CHIN/ ==-(|CARROT/)\> \/||// v\/||/ ) /--------^-^ ,. |//

(/ .\|x// " ' '

. , \||// ||\\// \

Figure 3: A Photo Of The Killer Rabbit of Caerbannog Taken In Secret

/ Locate the Killer Rabbit / int type; unsigned char *killerRabbit = LocateCreature(&caerbannog, "killer rabbit"); if( killerRabbit == 0 ){ puts("The Killer Rabbit of Caerbannog is out of town."); return LOST_CREATURE; }

/ Load Cave /
unsigned char *cave = LoadPlace(&caerbannog,
  "The Cave Of Caerbannog");
if( cave == 0 ){
  puts("The Cave of Caerbannog must have moved.");
  return LOST_PLACE;
}
/ Lure the Killer Rabbit back into the Cave /
unsigned char *carrot = allocateObjectInPlace(
  carrot("fresh"), cave);
if( carrot == 0 ){
  puts("No carrot, no rabbit.");
  return LOST_LURE;
}
/ Finally, notify the Killer Rabbit to act /
return notifyCreature(killerRabbit, &carrot);


Figure 4: C Code To Lure Killer Rabbit Back To Cave
On the beast's encounter with the Knights of the Round Table, the following personnel engaged with it in combat:
Killed
    Sir Bors
    Sir Gawain
    Sir Ector
Soiled Himself
    Sir Robin
Panicked
    King Arthur
Employed Ordnance
    The Lector
    Brother Maynard
Scoffed
    Tim the Enchanter
4.2. Holy Hand Grenade of Antioch
                    ______
                   \\/  \/
                  __\\  /__
                 ||  //\   |
                 ||__\\/ __|
                    ||  |    ,---,
                    ||  |====`\  |
                    ||  |    '---'
                  ,--'*`--,
                _||#|***|#|
             _,/.-'#|* *|#`-._
           ,,-'#####|   |#####`-.
         ,,'########|   |########`,
        //##########| o |##########\
       ||###########|   |###########|
      ||############| o |############|
      ||------------'   '------------|
      ||o  o  o  o  o   o  o  o  o  o|
       |-----------------------------|
       ||###########################|
        \\#########################/
         `..#####################,'
           ``..###############_,'
              ``--.._____..--'
                 `''-----''`
Figure 5: The Holy Hand Grenade of Antioch (don't pull the pin)
Figure 6: The Sovereign's Orb made invisible
The solution to the impasse at the Cave of Caerbannog was provided by the successful deployment of the Holy Hand Grenade of Antioch (see Figure 5) . Any similarity between the Holy Hand Grenade of Antioch and the mythical Holy Spear of Antioch is purely intentional; any similarity between the Holy Hand Grenade of Antioch and the Sovereign's Orb of the United Kingdom (see Figure 6) is putatively fortuitous.
Holy Hand Grenade of Antioch
Ordnance deployed by Brother Maynard under the incantation of a lector, in order to dispense with the Foes of the Virtuous. See Figure 5.
Holy Spear of Antioch
A supposed relic of the crucifixion of Jesus Christ, this is one of at least four claimed instances of the lance that pierced Christ's side. Its historical significance lies in inspiring crusaders to continue their siege of Antioch in 1098.
Sovereign's Orb of the United Kingdom
Part of the Crown Jewels of the United Kingdom, the Sovereign's Orb is a hollow gold sphere set with jewels and topped with a cross. It was made for Charles II in 1661. See Figure 6.
The instructions in the Book of Armaments on the proper deployment of the Holy Hand Grenade of Antioch MAY be summarized as follows, although this summary SHALL NOT be used as a substitute for a reading from the Book of Armaments:
Preamble: St Attila Benediction
Feast of the People on Sundry Foods
    Lambs
    Sloths
    Carp
    Anchovies
    Orangutangs
    Breakfast Cereals
    Fruit Bats
    et hoc genus omne
Take out the Holy Pin
The Count

A.
    Count is to Three: no more, no less
B.
    Not Four
C.
    Nor Two, except if the count then proceeds to Three
D.
    Five is Right Out

Lob the Holy Hand Grenade of Antioch towards the Foe
The Foe, being naughty in the LORD's sight, SHALL snuff it
This could also be represented in pseudocode as follows:
integer count;
for count := 1 step 1 until 3 do
  say(count)
comment Five is Right Out
Take out the Holy Pin
The Count
Lob the Holy Hand Grenade of Antioch towards the Foe
Foe snuffs it

Dramatis Personae

The following human (more-or-less) protagonists were involved in the two incidents recounted as lore of the Knights of the Round Table:
French Castle     Cave of Caerbannog
King Arthur     Patsy
Sir Bedevere the Wise     Sir Galahad the Pure
Sir Lancelot the Brave     Sir Robin the Not-quite-so-brave-as-Sir-Lancelot
French Guard with Outrageous Accent     Tim the Enchanter
Other French Guards     Brother Maynard
    The Lector
not yet recruited     Sir Bors
Sir Gawain     Sir Ector
Retinue of sundry knights     Retinue of sundry more knights than at the French Castle
5.1. Past the Killer Rabbit
Once the Killer Rabbit of Caerbannog (Figure 3) had been dispatched, the Knights of the Round Table uncovered the last words of Joseph of Arimathea, inscribed on the Cave of Caerbannog in Aramaic. While the precise Aramaic wording has not survived, we trust the following Hebrew subtitles will serve as an acceptable substitute:
.כאן אולי ימצאו המילים האחרונות של יוסף מארמתיה .מי אשר יהיה אמיץ ובעל נפש טהורה יוכל למצוא את הגביע הקדוש בטירת אאאאאאאה
"Here may be found the last words of Joseph of Arimathea. He who is valiant and pure of spirit may find the Holy Grail in the castle of — Aaaargh."

IANA Considerations

IANA might consider a registry to track the mythical, especially ravaging beasts, such as the Killer Rabbit, who haunt the Internet.

Security Considerations

Do not let the Killer Rabbit out under any circumstance.
I repeat. Do not let the Killer Rabbit (Figure 3) out.

References
8.1. Normative References
[RFC2119]     Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.
8.2. Informative References
[grail_film]     Chapman, G., Cleese, J., Idle, E., Gilliam, T., Jones, T. and M. Palin, "Monty Python and the Holy Grail", 1975.
[RFC2635]     Hambridge, S. and A. Lunde, "DON'T SPEW A Set of Guidelines for Mass Unsolicited Mailings and Postings (spam*)", FYI 35, RFC 2635, DOI 10.17487/RFC2635, June 1999.
[RFC7990]     Flanagan, H., "RFC Format Framework", RFC 7990, DOI 10.17487/RFC7990, December 2016.
[RFC8140]     Farrel, A., "The Arte of ASCII: Or, An True and Accurate Representation of an Menagerie of Thynges Fabulous and Wonderful in Ye Forme of Character", RFC 8140, DOI 10.17487/RFC8140, April 2017.
[RFC8174]     Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017.
Index
C
 Cave of Caerbannog
H
 Holy Hand Grenade of Antioch
R
 relics
   Christian
   monarchic
Author's Address
Arthur son of Uther Pendragon Camelot Palace Camel Lot 1 Camelot, England United Kingdom EMail: arthur.pendragon@ribose.com URI: http://camelot.gov.example

Crypto-Zealots →

March 26, 2018 by Marc Handelman in ISOC, IETF, Engineering, Networks, Must Read

If you read anything in the next couple of days regarding the IETF, and cryptography, take a moment and read Geoff Huston's superb retort to a controversial statement piece by Tony Rutkowski, both on CircleID. Tremendous responses are many on our beloved interweb, and this may be one of them... Enjoy today's MustRead!

IETF 93 Prague, Coordinating Attack Response at Internet Scale

July 27, 2015 by Marc Handelman in All is Information, IETF, ISOC

Chris diBona @ IETF92 →

April 13, 2015 by Marc Handelman in All is Information, Internet, Internet Governance, ISOC, IETF, OpenSource

Nominations for the ISOC Jonathon B. Postel Service Award Opened

March 31, 2015 by Marc Handelman in ICANN, IETF, ISOC, Jonathan B. Postel

ISOC (Internet Society) has announced the annual Call for Nominations, for the organizations' 2015 Jonathan B. Postel Service Award (with a deadline of May 15th, 2015). Presentation of the award at IETF (Internet Engineering Task Force) #93. IETF 93 is slated for Sunday, 19 Jul 2015 through and inclusive of Friday, 24 Jul 2015 in stunningly beautiful Prague, Czech Republic.

Learn more about Jonathan Postel, Ph.D. whom Vinton Grey Cerf, Ph.D. once characterized thusly:

"Jon has been our North Star for decades ... He was the Internet's Boswell and its technical conscience." - Vinton Cerf, Ph.D.

Quotes

"It's perfectly appropriate to be upset. I thought of it in a slightly different way--like a space that we were exploring and, in the early days, we figured out this consistent path through the space: IP, TCP, and so on. What's been happening over the last few years is that the IETF is filling the rest of the space with every alternative approach, not necessarily any better. Every possible alternative is now being written down. And it's not useful." Jon Postel, Ph.D. (1)

(1) Richard Comerford. State of the Internet: Roundtable 4.0. IEEE Spectrum 35(10):69 - 79, October 1998.

IETF RFC 7258, Pervasive Monitoring Is An Attack →

February 03, 2015 by Marc Handelman in Right to Privacy, All is Information, Intelligence, Communications, Demise of Privacy, IETF, ICANN, IANA, Internet Governance, National Security

Quite likely, the most important document published this week on Infosecurity.US, now over a half-year old, [released during the month of May, 2014]. In accordance with the IETF Trust's Legal Provisions relating to IETF Documents in effect on the date of publication of this document, this RFC is published in it's entirety, without modification. Further information and Feedback opportunities can be found at the RFC Editor / RFC Database. The following information is the accurate content of RFC 7258. Enjoy!

###

BEST CURRENT PRACTICE

Internet Engineering Task Force (IETF)                        S. Farrell
Request for Comments: 7258                        Trinity College Dublin
BCP: 188                                                   H. Tschofenig
Category: Best Current Practice                                 ARM Ltd.
ISSN: 2070-1721                                                 May 2014

Pervasive Monitoring Is an Attack

Abstract

   Pervasive monitoring is a technical attack that should be mitigated
   in the design of IETF protocols, where possible.

Status of This Memo

   This memo documents an Internet Best Current Practice.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   BCPs is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7258.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Farrell & Tschofenig      Best Current Practice                 [Page 1]

 
RFC 7258            Pervasive Monitoring Is an Attack           May 2014

1. Pervasive Monitoring Is a Widespread Attack on Privacy

   Pervasive Monitoring (PM) is widespread (and often covert)
   surveillance through intrusive gathering of protocol artefacts,
   including application content, or protocol metadata such as headers.
   Active or passive wiretaps and traffic analysis, (e.g., correlation,
   timing or measuring packet sizes), or subverting the cryptographic
   keys used to secure protocols can also be used as part of pervasive
   monitoring.  PM is distinguished by being indiscriminate and very
   large scale, rather than by introducing new types of technical
   compromise.

   The IETF community's technical assessment is that PM is an attack on
   the privacy of Internet users and organisations.  The IETF community
   has expressed strong agreement that PM is an attack that needs to be
   mitigated where possible, via the design of protocols that make PM
   significantly more expensive or infeasible.  Pervasive monitoring was
   discussed at the technical plenary of the November 2013 IETF meeting
   [IETF88Plenary] and then through extensive exchanges on IETF mailing
   lists.  This document records the IETF community's consensus and
   establishes the technical nature of PM.

   The term "attack" is used here in a technical sense that differs
   somewhat from common English usage.  In common English usage, an
   attack is an aggressive action perpetrated by an opponent, intended
   to enforce the opponent's will on the attacked party.  The term is
   used here to refer to behavior that subverts the intent of
   communicating parties without the agreement of those parties.  An
   attack may change the content of the communication, record the
   content or external characteristics of the communication, or through
   correlation with other communication events, reveal information the
   parties did not intend to be revealed.  It may also have other
   effects that similarly subvert the intent of a communicator.
   [RFC4949] contains a more complete definition for the term "attack".
   We also use the term in the singular here, even though PM in reality
   may consist of a multifaceted set of coordinated attacks.

   In particular, the term "attack", used technically, implies nothing
   about the motivation of the actor mounting the attack.  The
   motivation for PM can range from non-targeted nation-state
   surveillance, to legal but privacy-unfriendly purposes by commercial
   enterprises, to illegal actions by criminals.  The same techniques to
   achieve PM can be used regardless of motivation.  Thus, we cannot
   defend against the most nefarious actors while allowing monitoring by
   other actors no matter how benevolent some might consider them to be,
   since the actions required of the attacker are indistinguishable from
   other attacks.  The motivation for PM is, therefore, not relevant for
   how PM is mitigated in IETF protocols.


Farrell & Tschofenig      Best Current Practice                 [Page 2]

RFC 7258            Pervasive Monitoring Is an Attack           May 2014

2. The IETF Will Work to Mitigate Pervasive Monitoring

   "Mitigation" is a technical term that does not imply an ability to
   completely prevent or thwart an attack.  Protocols that mitigate PM
   will not prevent the attack but can significantly change the threat.
   (See the diagram on page 24 of RFC 4949 for how the terms "attack"
   and "threat" are related.)  This can significantly increase the cost
   of attacking, force what was covert to be overt, or make the attack
   more likely to be detected, possibly later.

   IETF standards already provide mechanisms to protect Internet
   communications and there are guidelines [RFC3552] for applying these
   in protocol design.  But those standards generally do not address PM,
   the confidentiality of protocol metadata, countering traffic
   analysis, or data minimisation.  In all cases, there will remain some
   privacy-relevant information that is inevitably disclosed by
   protocols.  As technology advances, techniques that were once only
   available to extremely well-funded actors become more widely
   accessible.  Mitigating PM is therefore a protection against a wide
   range of similar attacks.

   It is therefore timely to revisit the security and privacy properties
   of our standards.  The IETF will work to mitigate the technical
   aspects of PM, just as we do for protocol vulnerabilities in general.
   The ways in which IETF protocols mitigate PM will change over time as
   mitigation and attack techniques evolve and so are not described
   here.

   Those developing IETF specifications need to be able to describe how
   they have considered PM, and, if the attack is relevant to the work
   to be published, be able to justify related design decisions.  This
   does not mean a new "pervasive monitoring considerations" section is
   needed in IETF documentation.  It means that, if asked, there needs
   to be a good answer to the question "Is pervasive monitoring relevant
   to this work and if so, how has it been considered?"

   In particular, architectural decisions, including which existing
   technology is reused, may significantly impact the vulnerability of a
   protocol to PM.  Those developing IETF specifications therefore need
   to consider mitigating PM when making architectural decisions.
   Getting adequate, early review of architectural decisions including
   whether appropriate mitigation of PM can be made is important.
   Revisiting these architectural decisions late in the process is very
   costly.

   While PM is an attack, other forms of monitoring that might fit the
   definition of PM can be beneficial and not part of any attack, e.g.,
   network management functions monitor packets or flows and anti-spam

Farrell & Tschofenig      Best Current Practice                 [Page 3]

 
RFC 7258            Pervasive Monitoring Is an Attack           May 2014


   mechanisms need to see mail message content.  Some monitoring can
   even be part of the mitigation for PM, for example, certificate
   transparency [RFC6962] involves monitoring Public Key Infrastructure
   in ways that could detect some PM attack techniques.  However, there
   is clear potential for monitoring mechanisms to be abused for PM, so
   this tension needs careful consideration in protocol design.  Making
   networks unmanageable to mitigate PM is not an acceptable outcome,
   but ignoring PM would go against the consensus documented here.  An
   appropriate balance will emerge over time as real instances of this
   tension are considered.

   Finally, the IETF, as a standards development organisation, does not
   control the implementation or deployment of our specifications
   (though IETF participants do develop many implementations), nor does
   the IETF standardise all layers of the protocol stack.  Moreover, the
   non-technical (e.g., legal and political) aspects of mitigating
   pervasive monitoring are outside of the scope of the IETF.  The
   broader Internet community will need to step forward to tackle PM, if
   it is to be fully addressed.

   To summarise: current capabilities permit some actors to monitor
   content and metadata across the Internet at a scale never before
   seen.  This pervasive monitoring is an attack on Internet privacy.
   The IETF will strive to produce specifications that mitigate
   pervasive monitoring attacks.

3. Process Note

   In the past, architectural statements of this sort, e.g., [RFC1984]
   and [RFC2804], have been published as joint products of the Internet
   Engineering Steering Group (IESG) and the Internet Architecture Board
   (IAB).  However, since those documents were published, the IETF and
   IAB have separated their publication "streams" as described in
   [RFC4844] and [RFC5741].  This document was initiated after
   discussions in both the IESG and IAB, but is published as an IETF-
   stream consensus document, in order to ensure that it properly
   reflects the consensus of the IETF community as a whole.

4. Security Considerations

   This document is entirely about privacy.  More information about the
   relationship between security and privacy threats can be found in
   [RFC6973].  Section 5.1.1 of [RFC6973] specifically addresses
   surveillance as a combined security-privacy threat.

Farrell & Tschofenig      Best Current Practice                 [Page 4]

 
RFC 7258            Pervasive Monitoring Is an Attack           May 2014

5. Acknowledgements

   We would like to thank the participants of the IETF 88 technical
   plenary for their feedback.  Thanks in particular to the following
   for useful suggestions or comments: Jari Arkko, Fred Baker, Marc
   Blanchet, Tim Bray, Scott Brim, Randy Bush, Brian Carpenter, Benoit
   Claise, Alissa Cooper, Dave Crocker, Spencer Dawkins, Avri Doria,
   Wesley Eddy, Adrian Farrel, Joseph Lorenzo Hall, Phillip
   Hallam-Baker, Ted Hardie, Sam Hartmann, Paul Hoffman, Bjoern
   Hoehrmann, Russ Housley, Joel Jaeggli, Stephen Kent, Eliot Lear,
   Barry Leiba, Ted Lemon, Subramanian Moonesamy, Erik Nordmark, Pete
   Resnick, Peter Saint-Andre, Andrew Sullivan, Sean Turner, Nicholas
   Weaver, Stefan Winter, and Lloyd Wood.  Additionally, we would like
   to thank all those who contributed suggestions on how to improve
   Internet security and privacy or who commented on this on various
   IETF mailing lists, such as the ietf@ietf.org and the
   perpass@ietf.org lists.

6. Informative References

   [IETF88Plenary]
              IETF, "IETF 88 Plenary Meeting Materials", November 2013,
              <http://www.ietf.org/proceedings/88/>.

   [RFC1984]  IAB, IESG, Carpenter, B., and F. Baker, "IAB and IESG
              Statement on Cryptographic Technology and the Internet",
              RFC 1984, August 1996.

   [RFC2804]  IAB and IESG, "IETF Policy on Wiretapping", RFC 2804, May
              2000.

   [RFC3552]  Rescorla, E. and B. Korver, "Guidelines for Writing RFC
              Text on Security Considerations", BCP 72, RFC 3552, July
              2003.

   [RFC4844]  Daigle, L. and Internet Architecture Board, "The RFC
              Series and RFC Editor", RFC 4844, July 2007.

   [RFC4949]  Shirey, R., "Internet Security Glossary, Version 2", RFC
              4949, August 2007.

   [RFC5741]  Daigle, L., Kolkman, O., and IAB, "RFC Streams, Headers,
              and Boilerplates", RFC 5741, December 2009.

   [RFC6962]  Laurie, B., Langley, A., and E. Kasper, "Certificate
              Transparency", RFC 6962, June 2013


Farrell & Tschofenig      Best Current Practice                 [Page 5]

 
RFC 7258            Pervasive Monitoring Is an Attack           May 2014


   [RFC6973]  Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
              Morris, J., Hansen, M., and R. Smith, "Privacy
              Considerations for Internet Protocols", RFC 6973, July
              2013.

Authors' Addresses

   Stephen Farrell
   Trinity College Dublin
   Dublin  2
   Ireland

   Phone: +353-1-896-2354
   EMail: stephen.farrell@cs.tcd.ie


   Hannes Tschofenig
   ARM Ltd.
   6060 Hall in Tirol
   Austria

   EMail: Hannes.tschofenig@gmx.net
   URI:   http://www.tschofenig.priv.at


Farrell & Tschofenig      Best Current Practice                 [Page 6]
Html markup produced by rfcmarkup 1.109, available from https://tools.ietf.org/tools/rfcmarkup/

Chaînes Bouché →

December 09, 2014 by Marc Handelman in All is Information, IETF, Information Security, Network Security, Signals, Wireless Security

Fascinating blog post at Trustwave SpiderLabs by Tom Neaves, detailing a deep interest in all things wireless, and in this case 802.11 wireless and covert channel exploitation. Today's Must Read.

Resolved →

December 01, 2014 by Marc Handelman in All is Information, DNS, Internet Governance, Network Security, ISOC, IETF, ICANN, IANA

Well scrivened thought piece via CircleID, written by Geoff Huston targeting the Domain Name System, and the location of users in relation to the named resolvers... Today's Must Read!

All Your Base, Encrypted They Are

November 25, 2014 by Marc Handelman in All is Information, Complexity, IETF, Information Security, SSL / TLS, EFF

Efforts are underway, led by the inimitable Electronic Frontier Foundation to encrypt the Internets, in it's entirety...

Yesterday's Gestation →

October 30, 2014 by Marc Handelman in All is Information, IANA, ICANN, IETF, Science, ARPAnet, Internet, Packet-Switching, Networks

via Paleofuture's Matt Novak. The inception date of our beloved interweb is generally assumed to be the date of the first electronic message transmitted via the packet switched network, that was to become the ARPANET, and at that time managed by BBN.

IETF Surveillance Mitigation RFC 7528

May 19, 2014 by Marc Handelman in Computer Science, Information Security, National Security, Security, IETF, Identity Theft

The IETF has declared pervasive monitoring as an attack via RFC 7528...