IETF Policy on Wiretapping (RFC2804)
Original Publication Date: 2000-May-01
Included in the Prior Art Database: 2000-Sep-13
Internet Society Requests For Comment (RFCs)
IAB: AUTHOR [+2]
Network Working Group                                                IAB
Request for Comments: 2804                                          IESG
Category: Informational                                         May 2000
IETF Policy on Wiretapping
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright (C) The Internet Society (2000). All Rights Reserved.
The Internet Engineering Task Force (IETF) has been asked to take a
position on the inclusion into IETF standards-track documents of
functionality designed to facilitate wiretapping.
This memo explains what the IETF thinks the question means, why its
answer is "no", and what that answer means.
1. Summary position
The IETF has decided not to consider requirements for wiretapping as
part of the process for creating and maintaining IETF standards.
It takes this position for the following basic reasons:
- The IETF, an international standards body, believes itself to be
the wrong forum for designing protocol or equipment features that
address needs arising from the laws of individual countries,
because these laws vary widely across the areas that IETF standards
are deployed in. Bodies whose scope of authority corresponds to a
single regime of jurisdiction are more appropriate for this task.
- The IETF sets standards for communications that pass across
networks that may be owned, operated and maintained by people from
numerous jurisdictions with numerous requirements for privacy. In
light of these potentially divergent requirements, the IETF
believes that the operation of the Internet and the needs of its
users are best served by making sure the security properties of
connections across the Internet are as well known as possible. At
the present stage of our ignorance this means making them as free
from security loopholes as possible.
- The IETF believes that in the case of traffic that is today going
across the Internet without being protected by the end systems (by
encryption or other means), the use of existing network features,
if deployed intelligently, provides extensive opportunities for
wiretapping, and should be sufficient under presently seen
requirements for many cases. The IETF does not see an engineering
solution that allows such wiretapping when the end systems take
adequate measures to protect their communications.
- The IETF believes that adding a requirement for wiretapping will
make affected protocol designs considerably more complex.
Experience has shown that complexity almost inevitably jeopardizes
the security of communications even when it is not being tapped by
any legal means; there are also obvious risks raised by having to
protect the access to the wiretap. This is in conflict with...