Re: [alto] Working on a draft of security and privacy issues in ALTO and its extension.

Qiao Xiang <> Thu, 14 June 2018 00:24 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B613D130EC8 for <>; Wed, 13 Jun 2018 17:24:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zoMKgsOzn_Oe for <>; Wed, 13 Jun 2018 17:24:40 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:400c:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D72A9130EBD for <>; Wed, 13 Jun 2018 17:24:39 -0700 (PDT)
Received: by with SMTP id v131-v6so8597885wma.1 for <>; Wed, 13 Jun 2018 17:24:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=nKxCsNgcWY8XOeFB/Zv31wXXPsn2z6LY6UMRFp+rUk8=; b=TXXsDVeG0lB0EbDnK14OQF3OwM1ZP8xwPcxR+a/+/22uZYc20b3mLneMZe567SEpfh c14MWRYndDXD+YQt1oO6M6c53jhb9Fic22vsrF9quhJ7BmnBW1U/e2iv8hM5YwORi3tc AIz3uZgldLnfSdCOQ0pjNRDkXKForNfKsBu52yawPUKcIGzBwkuUKmFz/0kLTRJqHXFy JyFy5jsrbqthNAml58HR9R7nWEHIjM26bZbfKUqs5rFa1pRF8Jio+xKInmJRtfz76HDx sWwVJbXN+XkK84iwsi1ElAS0U0EbcIH1groiG2N1wK1up17ihs+4agzSdo2/ntYqorRw Riiw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=nKxCsNgcWY8XOeFB/Zv31wXXPsn2z6LY6UMRFp+rUk8=; b=rMiy2L9sjnTIeYrr0gffO1CJ1cQPh37njQy02m43gS+oNBJmxCoI5KrEJ/pa2hJQ1E poGRHNP3KoRGG/6PWHgcoPwscgBEstxJ4ArDF7Ul5goO0UeevfPcrPQtCY0yKJDZHP2G XWN0v1atE632VhkHqyFkVkOzXGCAoqNVfJwOz37ZwRAU+aLUwKsCbacu3CrADhJB6CHa Ibt7sDvFkjGjsMEO0C6qxO+M8jXJWAffzcI8hhShe+mc2l+qrSwIaOgZH3DCxzgEbhwe y2+YT6xKYWbXMPpCbVUkJthMyrgB+pRLrCN8Y4lejeLz5sKz58W3/YXmOAXLfympI+0x OO4Q==
X-Gm-Message-State: APt69E3l48wBPvksUbi1C+7Q8vobvYbSgE4fwzIc+lSY/Zqr8BjdvcSC WVataFTZ5PRbO+Bd0664xURrlJ4T7MIOCOSK3zs1rg==
X-Google-Smtp-Source: ADUXVKJfev4MJkpLx+cvVVcqigMtVeMWTovCEI4kXOMiQ+XmDQAuUFao4Dq4C3r7Hm4jzkPjFrhQ375uUzoPBIGUves=
X-Received: by 2002:a50:ccc8:: with SMTP id b8-v6mr315235edj.98.1528935878132; Wed, 13 Jun 2018 17:24:38 -0700 (PDT)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Qiao Xiang <>
Date: Wed, 13 Jun 2018 20:24:26 -0400
Message-ID: <>
Content-Type: multipart/mixed; boundary="000000000000e6aef7056e8f1f61"
Archived-At: <>
Subject: Re: [alto] Working on a draft of security and privacy issues in ALTO and its extension.
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Application-Layer Traffic Optimization \(alto\) WG mailing list" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 14 Jun 2018 00:24:43 -0000

Dear all,

Attached is a deck of slides summarizing the privacy issues in current ALTO
extensions. This is still a work-in-progress. I will continue to work on
this draft and send updates to the group. Meantime, any comment from the WG
would be greatly appreciated.


On Mon, Jun 11, 2018 at 11:09 PM Qiao Xiang <> wrote:

> Dear WG members,
> As each new ALTO extensions may introduce different security and privacy
> issues, I feel that we are missing a comprehensive investigation on such
> issues. To this end, I am working on a draft to systematically understand
> such issues in ALTO and its extensions. To start with, I am summarizing all
> raised such issues in published ALTO RFCs, WG drafts and personal drafts.
> Then I am planning to propose design options and implementation guidelines
> to cope with these issues.
> I will post my summary and thoughts on this draft to the mailing list in
> the next few days. Meanwhile, if you have any comments or are interested in
> working on this together, please let me know. Thank you very much.
> Best wishes
> Qiao Xiang
> --
> Qiao Xiang
> Postdoctoral Fellow,
> Department of Computer Science,
> Yale University

Qiao Xiang
Postdoctoral Fellow,
Department of Computer Science,
Yale University