They Are Looking At WHAT? Service Provider Monitoring

Network operators, especially those managing enterprise networks and data centers, have expressed concern about deploying TLSv1.3, which is normal at the start of an adoption curve. After much work listening to operators and their explicit concerns, deploying TLSv1.3 on Internet-based sessions that terminate at the edge of the corporate network or data center emerges as a logical first step that should not impact the business. This conclusion is based on discussion with operators in several venues and on contributions to “The Effect of Pervasive Monitoring on Operations”, a survey of management and monitoring techniques in use by operators on service provider and enterprise networks. Deployments on internal networks may require further study by organizations evaluating their network architecture, security policies, and monitoring and management tool sets.

Much insight was gleaned from the survey as service providers discussed their monitoring techniques on the Internet. A reliable and trusted operator contributed that most of the monitoring performed is kept to packet headers for the transport, network, and data link layers. This information continues to be available in TLSv1.3, although handshake messages after the ServerHello are encrypted, beginning with EncryptedExtensions, so some previously available information is now hidden. One such example is application-layer protocol negotiation (ALPN), where the request is in the clear and the response is encrypted. The ALPN response includes the protocol to be used as selected by the server, offering confidentiality of this information from anyone observing the traffic that might be (Read more...)

*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Kathleen Moriarty. Read the original post at: