Re: [alto] Working on a draft of security and privacy issues in ALTO and its extension.

Qiao Xiang <xiangq27@gmail.com> Thu, 14 June 2018 00:24 UTC

Return-Path: <xiangq27@gmail.com>
X-Original-To: alto@ietfa.amsl.com
Delivered-To: alto@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B613D130EC8 for <alto@ietfa.amsl.com>; Wed, 13 Jun 2018 17:24:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Level:
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zoMKgsOzn_Oe for <alto@ietfa.amsl.com>; Wed, 13 Jun 2018 17:24:40 -0700 (PDT)
Received: from mail-wm0-x232.google.com (mail-wm0-x232.google.com [IPv6:2a00:1450:400c:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D72A9130EBD for <alto@ietf.org>; Wed, 13 Jun 2018 17:24:39 -0700 (PDT)
Received: by mail-wm0-x232.google.com with SMTP id v131-v6so8597885wma.1 for <alto@ietf.org>; Wed, 13 Jun 2018 17:24:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=nKxCsNgcWY8XOeFB/Zv31wXXPsn2z6LY6UMRFp+rUk8=; b=TXXsDVeG0lB0EbDnK14OQF3OwM1ZP8xwPcxR+a/+/22uZYc20b3mLneMZe567SEpfh c14MWRYndDXD+YQt1oO6M6c53jhb9Fic22vsrF9quhJ7BmnBW1U/e2iv8hM5YwORi3tc AIz3uZgldLnfSdCOQ0pjNRDkXKForNfKsBu52yawPUKcIGzBwkuUKmFz/0kLTRJqHXFy JyFy5jsrbqthNAml58HR9R7nWEHIjM26bZbfKUqs5rFa1pRF8Jio+xKInmJRtfz76HDx sWwVJbXN+XkK84iwsi1ElAS0U0EbcIH1groiG2N1wK1up17ihs+4agzSdo2/ntYqorRw Riiw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=nKxCsNgcWY8XOeFB/Zv31wXXPsn2z6LY6UMRFp+rUk8=; b=rMiy2L9sjnTIeYrr0gffO1CJ1cQPh37njQy02m43gS+oNBJmxCoI5KrEJ/pa2hJQ1E poGRHNP3KoRGG/6PWHgcoPwscgBEstxJ4ArDF7Ul5goO0UeevfPcrPQtCY0yKJDZHP2G XWN0v1atE632VhkHqyFkVkOzXGCAoqNVfJwOz37ZwRAU+aLUwKsCbacu3CrADhJB6CHa Ibt7sDvFkjGjsMEO0C6qxO+M8jXJWAffzcI8hhShe+mc2l+qrSwIaOgZH3DCxzgEbhwe y2+YT6xKYWbXMPpCbVUkJthMyrgB+pRLrCN8Y4lejeLz5sKz58W3/YXmOAXLfympI+0x OO4Q==
X-Gm-Message-State: APt69E3l48wBPvksUbi1C+7Q8vobvYbSgE4fwzIc+lSY/Zqr8BjdvcSC WVataFTZ5PRbO+Bd0664xURrlJ4T7MIOCOSK3zs1rg==
X-Google-Smtp-Source: ADUXVKJfev4MJkpLx+cvVVcqigMtVeMWTovCEI4kXOMiQ+XmDQAuUFao4Dq4C3r7Hm4jzkPjFrhQ375uUzoPBIGUves=
X-Received: by 2002:a50:ccc8:: with SMTP id b8-v6mr315235edj.98.1528935878132; Wed, 13 Jun 2018 17:24:38 -0700 (PDT)
MIME-Version: 1.0
References: <CAOB1xS-KsznMzf+OMXFS09Z3eVPomwpzJ4r_J11_wSxiKOzu-A@mail.gmail.com>
In-Reply-To: <CAOB1xS-KsznMzf+OMXFS09Z3eVPomwpzJ4r_J11_wSxiKOzu-A@mail.gmail.com>
From: Qiao Xiang <xiangq27@gmail.com>
Date: Wed, 13 Jun 2018 20:24:26 -0400
Message-ID: <CAOB1xS9kAwhJdSGmw4B+h90o-w7=fvc5QzrDxf3RmXi8u2++Dw@mail.gmail.com>
To: IETF ALTO <alto@ietf.org>
Content-Type: multipart/mixed; boundary="000000000000e6aef7056e8f1f61"
Archived-At: <https://mailarchive.ietf.org/arch/msg/alto/kVoaEDJCD9m8D2RBti5m9KAdAcs>
Subject: Re: [alto] Working on a draft of security and privacy issues in ALTO and its extension.
X-BeenThere: alto@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Application-Layer Traffic Optimization \(alto\) WG mailing list" <alto.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/alto>, <mailto:alto-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/alto/>
List-Post: <mailto:alto@ietf.org>
List-Help: <mailto:alto-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jun 2018 00:24:43 -0000

Dear all,

Attached is a deck of slides summarizing the privacy issues in current ALTO
extensions. This is still a work-in-progress. I will continue to work on
this draft and send updates to the group. Meantime, any comment from the WG
would be greatly appreciated.


Best
Qiao

On Mon, Jun 11, 2018 at 11:09 PM Qiao Xiang <xiangq27@gmail.com> wrote:

> Dear WG members,
>
> As each new ALTO extensions may introduce different security and privacy
> issues, I feel that we are missing a comprehensive investigation on such
> issues. To this end, I am working on a draft to systematically understand
> such issues in ALTO and its extensions. To start with, I am summarizing all
> raised such issues in published ALTO RFCs, WG drafts and personal drafts.
> Then I am planning to propose design options and implementation guidelines
> to cope with these issues.
>
> I will post my summary and thoughts on this draft to the mailing list in
> the next few days. Meanwhile, if you have any comments or are interested in
> working on this together, please let me know. Thank you very much.
>
>
> Best wishes
> Qiao Xiang
> --
> Qiao Xiang
> Postdoctoral Fellow,
> Department of Computer Science,
> Yale University
>


-- 
Qiao Xiang
Postdoctoral Fellow,
Department of Computer Science,
Yale University