In the long lineage of RFCs that shape how the internet ought to work, RFC 7258 takes a different tone. It’s not describing a wire protocol or network algorithm, instead, it’s a declaration of threat model, a statement that reframes privacy surveillance as a first-class concern for internet architecture.
Officially titled “Pervasive Monitoring Is an Attack”, this document was published in May 2014 as a Best Current Practice (BCP) by the IETF, reflecting broad consensus among internet standards engineers that pervasive, indiscriminate surveillance is a technical attack that should be mitigated where possible in protocol design.
What “Pervasive Monitoring” Really Means
At first glance, “pervasive monitoring” sounds like political or social commentary, but RFC 7258 defines it in technical terms:
- It’s a form of surveillance involving intrusive gathering of communications data.
- That includes both content and metadata, such as packet headers, timing information, and traffic patterns.
It may use active or passive wiretaps, traffic analysis, or even subversion of cryptographic keys.
The key observation in the RFC is that this isn’t some exotic new exploit, it’s indiscriminate and large-scale, meaning the threat isn’t just that someone can spy but that they can do it everywhere at once. That scale is what makes it an “attack” in the technical sense used by the IETF, not implying intent or malice per se, but that the activity subverts the intent of communicators without their agreement.
A Subtle but Significant Shift in Threat Modeling
What makes RFC 7258 especially noteworthy isn’t just its conclusion, it’s its framing. Prior to this, many standards focused heavily on specific security threats, like buffer overflows or protocol abuse. But privacy-related threats, especially at scale, were not always treated as “attacks” in their own right.
By declaring pervasive monitoring a technical attack, the IETF signaled a design philosophy shift: privacy isn’t an afterthought, and defending against mass observation belongs in the realm of protocol engineering as much as defending against code exploits.
Real-World Legacy
RFC 7258 arrived partly in response to public revelations about widespread internet surveillance in the early 2010s. While the RFC doesn’t reference specific events by name, its timing and emphasis match broader concerns in the networking community about large-scale interception and data collection.
Since then:
- Encryption has proliferated everywhere from web traffic (HTTPS) to email and messaging protocols.
- New transport designs like QUIC emphasize encrypted headers for exactly the reason RFC 7258 highlights.
- Discussions about metadata leakage have become central to privacy-focused protocol design.
In other words, the legacy of privacy as an attack surface has influenced both standards and implementations beyond the IETF walls.
What’s an RFC?
A Request for Comment (RFC) is a formal document created by the IETF and other standards bodies that defines everything from internet protocols, networking architectures and best practices.
RFCs are how the internet evolves. Many of the protocols you use every day like TCP/IP, DNS, HTTP, BGP, SMTP, all originated as RFCs.
They’re publicly available, versioned, and archived for anyone to study.
If you’re new to RFCs, these are excellent starting points:
- How to Read an RFC: https://www.ietf.org/blog/how-read-rfc/
- RFC Availability & Use: https://www.ietf.org/process/rfcs/#availability-and-use
Ctrl+Alt+Route 
Leave a comment