IETF Policy on Wiretapping
RFC 2804 IETF Policy on Wiretapping May 2000
connections across the Internet are as well known as possible. At
the present stage of our ignorance this means making them as free
from security loopholes as possible.
- The IETF believes that in the case of traffic that is today going
across the Internet without being protected by the end systems (by
encryption or other means), the use of existing network features,
if deployed intelligently, provides extensive opportunities for
wiretapping, and should be sufficient under presently seen
requirements for many cases. The IETF does not see an engineering
solution that allows such wiretapping when the end systems take
adequate measures to protect their communications.
- The IETF believes that adding a requirement for wiretapping will
make affected protocol designs considerably more complex.
Experience has shown that complexity almost inevitably jeopardizes
the security of communications even when it is not being tapped by
any legal means; there are also obvious risks raised by having to
protect the access to the wiretap. This is in conflict with the
goal of freedom from security loopholes.
- The IETF restates its strongly held belief, stated at greater
length in [RFC 1984], that both commercial development of the
Internet and adequate privacy for its users against illegal
intrusion require the wide availability of strong cryptographic
technology.
- On the other hand, the IETF believes that mechanisms designed to
facilitate or enable wiretapping, or methods of using other
facilities for such purposes, should be openly described, so as to
ensure the maximum review of the mechanisms and ensure that they
adhere as closely as possible to their design constraints. The IETF
believes that the publication of such mechanisms, and the
publication of known weaknesses in such mechanisms, is a Good
Thing.
2. The Raven process
The issue of the IETF doing work on legal intercept technologies came
up as a byproduct of the extensive work that the IETF is now doing in
the area of IP-based telephony.
In the telephony world, there has been a tradition of cooperation
(often mandated by law) between law enforcement agencies and
telephone equipment operators on wiretapping, leading to companies
that build telephone equipment adding wiretapping features to their
telephony-related equipment, and an emerging consensus in the
IAB & IESG Informational