[alto] Working on a draft of security and privacy issues in ALTO and its extension.
Qiao Xiang <xiangq27@gmail.com> Tue, 12 June 2018 03:09 UTC
Return-Path: <xiangq27@gmail.com>
X-Original-To: alto@ietfa.amsl.com
Delivered-To: alto@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id EEDF7130EFF
for <alto@ietfa.amsl.com>; Mon, 11 Jun 2018 20:09:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Level:
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25,
FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id d_K74EJAegCQ for <alto@ietfa.amsl.com>;
Mon, 11 Jun 2018 20:09:56 -0700 (PDT)
Received: from mail-wm0-x233.google.com (mail-wm0-x233.google.com
[IPv6:2a00:1450:400c:c09::233])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id B0C4F130DE2
for <alto@ietf.org>; Mon, 11 Jun 2018 20:09:55 -0700 (PDT)
Received: by mail-wm0-x233.google.com with SMTP id r15-v6so17911087wmc.1
for <alto@ietf.org>; Mon, 11 Jun 2018 20:09:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:from:date:message-id:subject:to;
bh=OJeQah1bP6tvIeGy9U1djCixizKP3vdfe6ks5CZQRRk=;
b=GiVFOnpicAmZXEwbB0L51zj5GJCIPUkUFQd52cozsUcXOINME2n0D6Q/pbWLhvF+/+
lIEpuPAo8ERYKEoAZvRA+CsmKDwQetH47xjX/otF1TGyv9hcS4WWyArJkdZNWYS9Te5M
2RXpcJEwJiru5FoVAomujmpwUJBD++F/0BlhBMxWV+UnRcwLD6W0RRgAAel//P+J4Se5
+fWGUBrzaoA6yiEE7CzoGoyFsoXr+67TZruf5yERanFHNjL/paUxUMdBCq/w98qZlGyo
0dWT1b4kqMIQ2QMDp8XtFMOIhq2Io9SO1W1/a/5iDDWh0FRHSp3OJ3+u0zqFSX8DOTcd
i6SQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=OJeQah1bP6tvIeGy9U1djCixizKP3vdfe6ks5CZQRRk=;
b=pesWrYWmv+Vcn1yXaLtvKKNMTY/3DkbmgZF51MIAd9X1MJMFPiDHqlwvlYNgmigFL5
E1JY5LuS+yl6WQQk8Nan3FcCcnrbwf5cCwbmriXmarWyM+rUXQ57LjEYhZSkqLZK8VqA
tuCzWBlRmfgMwNXE2iIiGUdHC5DuH0fs/Sz9GIbsZ+BKBQBFrZDE1xAgrHgW5ektPT92
sOtBHtJ6a+mPVciIqys7Tz53I/oLHcUb1jVNSXd3iGW68RyiLZv7n8oEFuVuE0V3SYQ2
kO2dPQLTih/fK/QJuRECLDz6sA2QZ0MJYOAmxnP7a8Maak3bpjiA3CcU1FONiPDD9Uw+
WxHA==
X-Gm-Message-State: APt69E2/06zQzuHpvXd3nNxTutNPTkH5TtfKjVVzxIoTVIl83N0e1oFj
/tcGR9nO1NjT7udWm/PMOoJ7Pn6MuffpDamihOZYDA==
X-Google-Smtp-Source: ADUXVKJSkstCewZYjFRg2kcp87zSiCZWJFgoN0Xq/fULF84FWtejVfmllu94VqFcVK2XWbjjy7wJuIuWR8wOH8+mA8A=
X-Received: by 2002:a50:8ad5:: with SMTP id
k21-v6mr1730415edk.36.1528772993949;
Mon, 11 Jun 2018 20:09:53 -0700 (PDT)
MIME-Version: 1.0
From: Qiao Xiang <xiangq27@gmail.com>
Date: Mon, 11 Jun 2018 23:09:39 -0400
Message-ID: <CAOB1xS-KsznMzf+OMXFS09Z3eVPomwpzJ4r_J11_wSxiKOzu-A@mail.gmail.com>
To: IETF ALTO <alto@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003f2407056e6933c4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/alto/9aQMJYjNRNT8a1P3VZOOg5O0N_w>
Subject: [alto] Working on a draft of security and privacy issues in ALTO
and its extension.
X-BeenThere: alto@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Application-Layer Traffic Optimization \(alto\) WG mailing list"
<alto.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/alto>,
<mailto:alto-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/alto/>
List-Post: <mailto:alto@ietf.org>
List-Help: <mailto:alto-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/alto>,
<mailto:alto-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jun 2018 03:09:59 -0000
Dear WG members, As each new ALTO extensions may introduce different security and privacy issues, I feel that we are missing a comprehensive investigation on such issues. To this end, I am working on a draft to systematically understand such issues in ALTO and its extensions. To start with, I am summarizing all raised such issues in published ALTO RFCs, WG drafts and personal drafts. Then I am planning to propose design options and implementation guidelines to cope with these issues. I will post my summary and thoughts on this draft to the mailing list in the next few days. Meanwhile, if you have any comments or are interested in working on this together, please let me know. Thank you very much. Best wishes Qiao Xiang -- Qiao Xiang Postdoctoral Fellow, Department of Computer Science, Yale University