draft-ietf-intarea-broadcast-consider-07.txt   draft-ietf-intarea-broadcast-consider-08.txt 
skipping to change at page 1, line 13 skipping to change at page 1, line 13
Internet Engineering Task Force R. Winter Internet Engineering Task Force R. Winter
Internet-Draft University of Applied Sciences Augsburg Internet-Draft University of Applied Sciences Augsburg
Intended status: Informational M. Faath Intended status: Informational M. Faath
Expires: July 23, 2018 Conntac GmbH Expires: July 23, 2018 Conntac GmbH
F. Weisshaar F. Weisshaar
University of Applied Sciences Augsburg University of Applied Sciences Augsburg
January 19, 2018 January 19, 2018
Privacy considerations for protocols relying on IP broadcast and Privacy considerations for protocols relying on IP broadcast and
multicast multicast
draft-ietf-intarea-broadcast-consider-07 draft-ietf-intarea-broadcast-consider-08
Abstract Abstract
A number of application-layer protocols make use of IP broadcasts or A number of application-layer protocols make use of IP broadcasts or
multicast messages for functions like local service discovery or name multicast messages for functions like local service discovery or name
resolution. Some of these functions can only be implemented resolution. Some of these functions can only be implemented
efficiently using such mechanisms. When using broadcasts or efficiently using such mechanisms. When using broadcasts or
multicast messages, a passive observer in the same broadcast/ multicast messages, a passive observer in the same broadcast/
multicast domain can trivially record these messages and analyze multicast domain can trivially record these messages and analyze
their content. Therefore, designers of protocols that make use their content. Therefore, designers of protocols that make use
skipping to change at page 3, line 17 skipping to change at page 3, line 17
information that is distributed by multiple of these protocols can be information that is distributed by multiple of these protocols can be
correlated in a way that sensitive data can be derived. This is correlated in a way that sensitive data can be derived. This is
clearly true for any protocol, but broadcast/multicast is special in clearly true for any protocol, but broadcast/multicast is special in
at least two respects: at least two respects:
(a) The aforementioned large receiver group, consisting of receivers (a) The aforementioned large receiver group, consisting of receivers
unknown to the sender. This makes eavesdropping without special unknown to the sender. This makes eavesdropping without special
privileges or a special location in the network trivial for privileges or a special location in the network trivial for
anybody in the same broadcast/multicast domain. anybody in the same broadcast/multicast domain.
(b) Encryption is more difficult when broadcast/multicast messages, (b) Encryption is difficult when broadcast/multicast messages are
leaving content of these messages in the clear and making it used, for instance because a non-trivial key management protocol
easier to spoof and replay them. might be required. When encryption is not used, the content of
these messages is easily accessible, making it easy to spoof and
replay them.
Given the above, privacy protection for protocols based on broadcast Given the above, privacy protection for protocols based on broadcast
or multicast communication is significantly more difficult compared or multicast communication is significantly more difficult compared
to unicast communication and at the same time invading the privacy is to unicast communication and at the same time invading the privacy is
much easier. much easier.
Privacy considerations of IETF-specified protocols have received some Privacy considerations of IETF-specified protocols have received some
attention in the recent past (e.g. RFC 7721 [RFC7721] or RFC 7819 attention in the recent past (e.g. RFC 7721 [RFC7721] or RFC 7819
[RFC7819]). There is also general guidance available for document [RFC7819]). There is also general guidance available for document
authors on when and how to include a privacy considerations section authors on when and how to include a privacy considerations section
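Review bot: In the rewritten item (b), the sentence "When encryption is not used, the content of these messages is easily accessible, making it easy to spoof and replay them" still attributes spoofing and replay to cleartext content. Readable content is a confidentiality problem, while spoofing and replay follow from missing message authentication and replay protection. Suggest splitting the sentence so that each consequence is tied to the property that is actually absent. The opening "Encryption is difficult when broadcast/multicast messages are used" would also be clearer if the key management example said why it is non-trivial here, for instance by pointing back to the receivers unknown to the sender in item (a).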
 End of changes. 2 change blocks. 
4 lines changed or deleted 6 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/