Analysis and Consideration on Management of Encrypted Traffic

TL;DR

This paper reviews methods for managing encrypted network traffic, focusing on extending existing protocols or creating new layers to access necessary management information while maintaining security.

Contribution

It compares two main approaches for encrypted traffic management: protocol extension and new protocol layer introduction, providing insights and future recommendations.

Findings

Extending protocols like TLS can facilitate management access.

Introducing new protocol layers like PLUS can separate management info from encrypted payload.

Recommendations for future research and stakeholder discussions are proposed.

Abstract

Encrypted traffic poses new and unique challenges for network operators because information that is useful or necessary for management purposes is not accessible anymore. This paper examines proposed approaches to provide end-to-end encryption as well as ways to provide the access to the needed information for network management. The two main approaches we consider are 1.- extending and adapting a widely deployed protocol such as TLS, so that information necessary for network management can be obtained; and 2.- introducing a new protocol layer, such as PLUS, that contains the necessary information outside of the encrypted payload. In this paper we discuss different aspects of these approaches in order to give recommendations for future work and suggest to raise awareness by establishing venues where discussions between interested parties can take place.