Browse Prior Art Database

IETF Policy on Wiretapping (RFC2804)

IP.com Disclosure Number: IPCOM000003403D
Original Publication Date: 2000-May-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 12 page(s) / 17K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

IAB: AUTHOR [+2]

Abstract

The Internet Engineering Task Force (IETF) has been asked to take a position on the inclusion into IETF standards-track documents of functionality designed to facilitate wiretapping.

This text was extracted from a ASCII document.
This is the abbreviated version, containing approximately 16% of the total text.

Network Working Group IAB

Request for Comments: 2804 IESG

Category: Informational May 2000

IETF Policy on Wiretapping

Status of this Memo

This memo provides information for the Internet community. It does

not specify an Internet standard of any kind. Distribution of this

memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

The Internet Engineering Task Force (IETF) has been asked to take a

position on the inclusion into IETF standards-track documents of

functionality designed to facilitate wiretapping.

This memo explains what the IETF thinks the question means, why its

answer is "no", and what that answer means.

1. Summary position

The IETF has decided not to consider requirements for wiretapping as

part of the process for creating and maintaining IETF standards.

It takes this position for the following basic reasons:

- The IETF, an international standards body, believes itself to be

the wrong forum for designing protocol or equipment features that

address needs arising from the laws of individual countries,

because these laws vary widely across the areas that IETF standards

are deployed in. Bodies whose scope of authority correspond to a

single regime of jurisdiction are more appropriate for this task.

- The IETF sets standards for communications that pass across

networks that may be owned, operated and maintained by people from

numerous jurisdictions with numerous requirements for privacy. In

light of these potentially divergent requirements, the IETF

believes that the operation of the Internet and the needs of its

users are best served by making sure the security properties of

connections across the Internet are as well known as possible. At

the present stage of our ignorance this means making them as free

from security loopholes as possible.

- The IETF believes that in the case of traffic that is today going

across the Internet without being protected by the end systems (by

encryption or other means), the use of existing network features,

if deployed intelligently, provides extensive opportunities for

wiretapping, and should be sufficient under presently seen

requirements for many cases. The IETF does not see an engineering

solution that allows such wiretapping when the end systems take

adequate measures to protect their communications.

- The IETF believes that adding a requirement for wiretapping w...