RFC 7258 Quiz

Pervasive Monitoring Is an Attack

🇺🇸 🇯🇵

0 / 0

References (URLs)

RFC 7258: Pervasive Monitoring Is an Attack

Goal: translate a threat model statement into concrete protocol and deployment decisions.

Show explanation immediately Show all answers

Q1: Treating pervasive monitoring as an attack primarily means

Multiple Choice

A. Monitoring is illegal everywhere B. Protocol designers should assume large scale passive observers exist and reduce exposure C. Encryption is forbidden because it blocks debugging

**Explanation:** **Correct (B):** It is a threat model position, not a legal claim

Q2: Design choices that generally reduce exposure to pervasive monitoring include (select all)

Multi-Select

A. Encrypt by default for data in transit B. Minimize cleartext metadata when feasible C. Avoid protocol ossification on exposed fields when possible D. Add new cleartext identifiers for easier correlation

**Explanation:** **Correct (A,B,C):** The goal is to make passive observation less useful and harder to scale **Options:** - D (incorrect): That increases linkability

Q3: A common misunderstanding is that encryption

Multiple Choice

A. Makes authentication automatic B. Eliminates all metadata C. Solves every security problem

**Explanation:** **Correct (C):** Encryption helps, but many threats remain, including endpoint compromise and traffic analysis

Q4: Your protocol sends user identifiers in cleartext to allow caching. Under the RFC 7258 mindset, what is a reasonable next step

Multiple Choice

A. Re evaluate whether the identifier can be avoided, encrypted, or replaced with a less linkable token B. Add more identifiers to improve analytics C. Assume observers cannot collect traffic at scale

**Explanation:** **Correct (A):** Pervasive monitoring focuses on large scale correlation value of metadata

Q5: Which statement best captures the document's intent

Multiple Choice

A. Ban all monitoring equipment B. Encourage the IETF community to consider pervasive monitoring in security considerations and protocol design C. Require every system to implement onion routing

**Explanation:** **Correct (B):** It frames PM as an attacker class to be considered

Q6: What kind of data can remain exposed and still enable large scale correlation even when payload is encrypted (one word)

Short Text

**Explanation:** **Correct:** metadata