[alto] Working on a draft of security and privacy issues in ALTO and its extension.
Qiao Xiang <xiangq27@gmail.com> Tue, 12 June 2018 03:09 UTC
Return-Path: <xiangq27@gmail.com>
X-Original-To: alto@ietfa.amsl.com
Delivered-To: alto@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEDF7130EFF for <alto@ietfa.amsl.com>; Mon, 11 Jun 2018 20:09:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Level:
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d_K74EJAegCQ for <alto@ietfa.amsl.com>; Mon, 11 Jun 2018 20:09:56 -0700 (PDT)
Received: from mail-wm0-x233.google.com (mail-wm0-x233.google.com [IPv6:2a00:1450:400c:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0C4F130DE2 for <alto@ietf.org>; Mon, 11 Jun 2018 20:09:55 -0700 (PDT)
Received: by mail-wm0-x233.google.com with SMTP id r15-v6so17911087wmc.1 for <alto@ietf.org>; Mon, 11 Jun 2018 20:09:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=OJeQah1bP6tvIeGy9U1djCixizKP3vdfe6ks5CZQRRk=; b=GiVFOnpicAmZXEwbB0L51zj5GJCIPUkUFQd52cozsUcXOINME2n0D6Q/pbWLhvF+/+ lIEpuPAo8ERYKEoAZvRA+CsmKDwQetH47xjX/otF1TGyv9hcS4WWyArJkdZNWYS9Te5M 2RXpcJEwJiru5FoVAomujmpwUJBD++F/0BlhBMxWV+UnRcwLD6W0RRgAAel//P+J4Se5 +fWGUBrzaoA6yiEE7CzoGoyFsoXr+67TZruf5yERanFHNjL/paUxUMdBCq/w98qZlGyo 0dWT1b4kqMIQ2QMDp8XtFMOIhq2Io9SO1W1/a/5iDDWh0FRHSp3OJ3+u0zqFSX8DOTcd i6SQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=OJeQah1bP6tvIeGy9U1djCixizKP3vdfe6ks5CZQRRk=; b=pesWrYWmv+Vcn1yXaLtvKKNMTY/3DkbmgZF51MIAd9X1MJMFPiDHqlwvlYNgmigFL5 E1JY5LuS+yl6WQQk8Nan3FcCcnrbwf5cCwbmriXmarWyM+rUXQ57LjEYhZSkqLZK8VqA tuCzWBlRmfgMwNXE2iIiGUdHC5DuH0fs/Sz9GIbsZ+BKBQBFrZDE1xAgrHgW5ektPT92 sOtBHtJ6a+mPVciIqys7Tz53I/oLHcUb1jVNSXd3iGW68RyiLZv7n8oEFuVuE0V3SYQ2 kO2dPQLTih/fK/QJuRECLDz6sA2QZ0MJYOAmxnP7a8Maak3bpjiA3CcU1FONiPDD9Uw+ WxHA==
X-Gm-Message-State: APt69E2/06zQzuHpvXd3nNxTutNPTkH5TtfKjVVzxIoTVIl83N0e1oFj /tcGR9nO1NjT7udWm/PMOoJ7Pn6MuffpDamihOZYDA==
X-Google-Smtp-Source: ADUXVKJSkstCewZYjFRg2kcp87zSiCZWJFgoN0Xq/fULF84FWtejVfmllu94VqFcVK2XWbjjy7wJuIuWR8wOH8+mA8A=
X-Received: by 2002:a50:8ad5:: with SMTP id k21-v6mr1730415edk.36.1528772993949; Mon, 11 Jun 2018 20:09:53 -0700 (PDT)
MIME-Version: 1.0
From: Qiao Xiang <xiangq27@gmail.com>
Date: Mon, 11 Jun 2018 23:09:39 -0400
Message-ID: <CAOB1xS-KsznMzf+OMXFS09Z3eVPomwpzJ4r_J11_wSxiKOzu-A@mail.gmail.com>
To: IETF ALTO <alto@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003f2407056e6933c4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/alto/9aQMJYjNRNT8a1P3VZOOg5O0N_w>
Subject: [alto] Working on a draft of security and privacy issues in ALTO and its extension.
X-BeenThere: alto@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Application-Layer Traffic Optimization \(alto\) WG mailing list" <alto.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/alto>, <mailto:alto-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/alto/>
List-Post: <mailto:alto@ietf.org>
List-Help: <mailto:alto-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jun 2018 03:09:59 -0000
Dear WG members, As each new ALTO extensions may introduce different security and privacy issues, I feel that we are missing a comprehensive investigation on such issues. To this end, I am working on a draft to systematically understand such issues in ALTO and its extensions. To start with, I am summarizing all raised such issues in published ALTO RFCs, WG drafts and personal drafts. Then I am planning to propose design options and implementation guidelines to cope with these issues. I will post my summary and thoughts on this draft to the mailing list in the next few days. Meanwhile, if you have any comments or are interested in working on this together, please let me know. Thank you very much. Best wishes Qiao Xiang -- Qiao Xiang Postdoctoral Fellow, Department of Computer Science, Yale University