Eliot Lear wrote on 2022-09-29 22:45:
>> ...
> I think the key point here is that sometimes observability is a feature and not a bug.  This is particularly important in industrial/critical infrastructure.  That observability can be achieved in many ways.  One question is whether the observability should itself be authorized.

as to that one question, my answer is a clear no. i use network observation to determine whether an end user or installed software or a device has been compromised. my observations of my private managed edge network must therefore not depend on getting permission from the people or things that use that network. (my network, my rules.)

permissions that make sense in a service provider network or a carrier network don't always make equal sense for a private managed edge network.

for a lot of edge network operators that means wide area UDP will only be allowed from a few internal servers or to a few outside services. this won't hurt QUIC's deployment, so nobody has worried about it.

--
P Vixie
