Reflections on Ten Years Past the Snowden Revelations
RFC 9446
| Document | Type |
RFC
- Informational
(July 2023)
Was
draft-farrell-tenyearsafter
(individual)
|
|
|---|---|---|---|
| Authors | Stephen Farrell , Farzaneh Badiei , Bruce Schneier , Steven M. Bellovin | ||
| Last updated | 2023-07-20 | ||
| RFC stream | Independent Submission | ||
| Formats | |||
| IESG | Responsible AD | (None) | |
| Send notices to | (None) |
RFC 9446
quot;, BCP 61,
RFC 3365, DOI 10.17487/RFC3365, August 2002,
<https://www.rfc-editor.org/info/rfc3365>.
[RFC6462] Cooper, A., "Report from the Internet Privacy Workshop",
RFC 6462, DOI 10.17487/RFC6462, January 2012,
<https://www.rfc-editor.org/info/rfc6462>.
[RFC7217] Gont, F., "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address
Autoconfiguration (SLAAC)", RFC 7217,
DOI 10.17487/RFC7217, April 2014,
<https://www.rfc-editor.org/info/rfc7217>.
[RFC7258] Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May
2014, <https://www.rfc-editor.org/info/rfc7258>.
[RFC7480] Newton, A., Ellacott, B., and N. Kong, "HTTP Usage in the
Registration Data Access Protocol (RDAP)", STD 95,
RFC 7480, DOI 10.17487/RFC7480, March 2015,
<https://www.rfc-editor.org/info/rfc7480>.
[RFC7481] Hollenbeck, S. and N. Kong, "Security Services for the
Registration Data Access Protocol (RDAP)", STD 95,
RFC 7481, DOI 10.17487/RFC7481, March 2015,
<https://www.rfc-editor.org/info/rfc7481>.
[RFC7687] Farrell, S., Wenning, R., Bos, B., Blanchet, M., and H.
Tschofenig, "Report from the Strengthening the Internet
(STRINT) Workshop", RFC 7687, DOI 10.17487/RFC7687,
December 2015, <https://www.rfc-editor.org/info/rfc7687>.
[RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D.,
and P. Hoffman, "Specification for DNS over Transport
Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May
2016, <https://www.rfc-editor.org/info/rfc7858>.
[RFC8056] Gould, J., "Extensible Provisioning Protocol (EPP) and
Registration Data Access Protocol (RDAP) Status Mapping",
RFC 8056, DOI 10.17487/RFC8056, January 2017,
<https://www.rfc-editor.org/info/rfc8056>.
[RFC8064] Gont, F., Cooper, A., Thaler, D., and W. Liu,
"Recommendation on Stable IPv6 Interface Identifiers",
RFC 8064, DOI 10.17487/RFC8064, February 2017,
<https://www.rfc-editor.org/info/rfc8064>.
[RFC8280] ten Oever, N. and C. Cath, "Research into Human Rights
Protocol Considerations", RFC 8280, DOI 10.17487/RFC8280,
October 2017, <https://www.rfc-editor.org/info/rfc8280>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
[RFC8461] Margolis, D., Risher, M., Ramakrishnan, B., Brotman, A.,
and J. Jones, "SMTP MTA Strict Transport Security (MTA-
STS)", RFC 8461, DOI 10.17487/RFC8461, September 2018,
<https://www.rfc-editor.org/info/rfc8461>.
[RFC8484] Hoffman, P. and P. McManus, "DNS Queries over HTTPS
(DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018,
<https://www.rfc-editor.org/info/rfc8484>.
[RFC8981] Gont, F., Krishnan, S., Narten, T., and R. Draves,
"Temporary Address Extensions for Stateless Address
Autoconfiguration in IPv6", RFC 8981,
DOI 10.17487/RFC8981, February 2021,
<https://www.rfc-editor.org/info/rfc8981>.
[RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
Multiplexed and Secure Transport", RFC 9000,
DOI 10.17487/RFC9000, May 2021,
<https://www.rfc-editor.org/info/rfc9000>.
[RFC9082] Hollenbeck, S. and A. Newton, "Registration Data Access
Protocol (RDAP) Query Format", STD 95, RFC 9082,
DOI 10.17487/RFC9082, June 2021,
<https://www.rfc-editor.org/info/rfc9082>.
[RFC9083] Hollenbeck, S. and A. Newton, "JSON Responses for the
Registration Data Access Protocol (RDAP)", STD 95,
RFC 9083, DOI 10.17487/RFC9083, June 2021,
<https://www.rfc-editor.org/info/rfc9083>.
[RFC9113] Thomson, M., Ed. and C. Benfield, Ed., "HTTP/2", RFC 9113,
DOI 10.17487/RFC9113, June 2022,
<https://www.rfc-editor.org/info/rfc9113>.
[RFC9224] Blanchet, M., "Finding the Authoritative Registration Data
Access Protocol (RDAP) Service", STD 95, RFC 9224,
DOI 10.17487/RFC9224, March 2022,
<https://www.rfc-editor.org/info/rfc9224>.
[Roth2022] Roth, E., "Internet backbone provider shuts off service in
Russia", The Verge, March 2022,
<https://www.theverge.com/2022/3/5/22962822/internet-
backbone-provider-cogent-shuts-off-service-russia>.
[Rowlett1998]
Rowlett, F. B., "The Story of Magic, Memoirs of an
American Cryptologic Pioneer", Aegean Park Press, 1998.
[Slater1870]
Slater, R., "Telegraphic Code, to Ensure Secresy in the
Transmission of Telegrams", First Edition, W.R. Gray,
1870, <https://books.google.com/books?id=MJYBAAAAQAAJ>.
[Smith1845]
Smith, F. O., "The Secret Corresponding Vocabulary:
Adapted for Use to Morse's Electro-Magnetic Telegraph, and
Also in Conducting Written Correspondence, Transmitted by
the Mails, or Otherwise", Thurston, Isley & Company, 1845,
<https://books.google.com/books?id=Z45clCxsF7EC>.
[STRINT] W3C and IAB, "A W3C/IAB workshop on Strengthening the
Internet Against Pervasive Monitoring (STRINT)", March
2014, <https://www.w3.org/2014/strint/>.
[Timeline] Wikipedia, "Global surveillance disclosures
(2013-present)", July 2023, <https://en.wikipedia.org/w/in
dex.php?title=Global_surveillance_disclosures_(2013%E2%80%
93present)&oldid=1161557819>.
[TLS-ECH] Rescorla, E., Oku, K., Sullivan, N., and C. A. Wood, "TLS
Encrypted Client Hello", Work in Progress, Internet-Draft,
draft-ietf-tls-esni-16, 6 April 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-tls-
esni-16>.
[Toronto] Memmott, M., "Canada Used Airport Wi-Fi To Track
Travelers, Snowden Leak Alleges", NPR, January 2014,
<https://www.npr.org/sections/thetwo-
way/2014/01/31/269418375/airport-wi-fi-used-to-track-
travelers-snowden-leak-alleges>.
[UTA] IETF, "Using TLS in Applications (uta)",
<https://datatracker.ietf.org/wg/uta/about>.
[Zubhoff2019]
Zuboff, S., "The Age of Surveillance Capitalism: The Fight
for a Human Future at the New Frontier of Power",
PublicAffairs, ISBN 9781781256855, January 2019.
Acknowledgments
Susan Landau added many valuable comments to Steve Bellovin's essay.
We thank Carsten Bormann, Brian Carpenter, Wendy Grossman, Kathleen
Moriarty, Jan Schaumann, Seth David Schoen, and Paul Wouters for
comments and review of this text, though that of course doesn't mean
that they necessarily agree with the text.
This document was created at the behest of Eliot Lear, who also cat
herded and did some editing.
Authors' Addresses
Stephen Farrell
Trinity College, Dublin
Ireland
Email: stephen.farrell@cs.tcd.ie
Farzaneh Badii
Digital Medusa
Email: farzaneh.badii@gmail.com
Bruce Schneier
Harvard University
United States of America
Email: schneier@schneier.com
Steven M. Bellovin
Columbia University
United States of America
Email: smb@cs.columbia.edu