[apps-discuss] Privacy Considerations for Internet Protocols (was: Fwd: I-D Action: draft-yevstifeyev-ftp-uri-scheme-04.txt)

SM <sm@resistor.net> Sat, 09 July 2011 17:10 UTC

Return-Path: <sm@resistor.net>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A8C721F877B; Sat, 9 Jul 2011 10:10:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mkj1BR9ygdib; Sat, 9 Jul 2011 10:10:56 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B74121F8888; Sat, 9 Jul 2011 10:10:55 -0700 (PDT)
Received: from subman.resistor.net (IDENT:sm@localhost [127.0.0.1]) by mx.elandsys.com (8.14.4/8.14.5.Beta0) with ESMTP id p69HAgxm012813; Sat, 9 Jul 2011 10:10:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1310231450; bh=Wsl/ozWYRdNRZgVNAHoFvdsnYwXjHvUlC/LFF1lwLdg=; h=Message-Id:X-Mailer:Date:To:From:Subject:Cc:In-Reply-To: References:Mime-Version:Content-Type; b=Wh/TOWWo7zyVHPEcYZmyJPpPX8Bk0GEbgxqmPSe62yQrOw8d2nj9mipgyVWc7k5Zv /R1CI8MPQo28cXdvmIvlgH+CJJ5LgCYGFCnsl5dwwxHPQrlEtIaLJMphM5z52tgqeS RzPNRepw9PITaSP40g7Fye+EGwRpUBwIlGQmEFuc=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail; t=1310231450; bh=Wsl/ozWYRdNRZgVNAHoFvdsnYwXjHvUlC/LFF1lwLdg=; h=Message-Id:X-Mailer:Date:To:From:Subject:Cc:In-Reply-To: References:Mime-Version:Content-Type; b=PcLOYYdTsd7+yx62SxbW34ebfFQBqaRCjFMe/xKS8fp0WbLttBqsq/j0br6G9IIxB dguRWLKAmrgGyME48+uB1VxpDn2W9cj9AgmdGZ4Ufv9FSJ7pUIEc1oWwa9QnE04wgA mHHe01/LZVPQoxuaaV4S34v6M4+FjeMQ4Z1dycUM=
Message-Id: <6.2.5.6.2.20110709074757.04899d20@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Sat, 09 Jul 2011 10:09:09 -0700
To: Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@gmail.com>
From: SM <sm@resistor.net>
In-Reply-To: <CAHhFybry+kayJ4-Z+JuA0iY3rALSiB=OKn5zC8VUFcUMuUtwcQ@mail.g mail.com>
References: <4E15C895.6020701@gmail.com> <CAHhFybq563a9+ivYuk83J3po_02nopeiu=mB3fO26f-o1Mwt0A@mail.gmail.com> <6.2.5.6.2.20110708105100.02fa9298@resistor.net> <CAHhFybry+kayJ4-Z+JuA0iY3rALSiB=OKn5zC8VUFcUMuUtwcQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Cc: ietf-privacy@ietf.org, Apps-discuss list <apps-discuss@ietf.org>
Subject: [apps-discuss] Privacy Considerations for Internet Protocols (was: Fwd: I-D Action: draft-yevstifeyev-ftp-uri-scheme-04.txt)
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Jul 2011 17:10:58 -0000

Hi Frank,

I added a Cc to the ietf-privacy mailing list.  I suggest using that 
mailing list for further discussion.

At 13:04 08-07-2011, Frank Ellermann wrote:
>I'd like to have "privacy considerations" in all future I-Ds -
>it could be merged with the "security considerations" or even
>omitted as beside the point depending on the final RFC, but an
>indication in I-Ds that the authors "considered privacy" like
>"security" or "i18n" or "IANA" would be good.  If authors then
>decide that this is bureaucratic nonsense to be ignored for
>their purposes it worked as designed:  At least they spent the
>milliseconds to think about it.

draft-morris-policy-cons-00 discusses about Policy Considerations for 
Internet Protocols.  There is another I-D, 
draft-morris-privacy-considerations-03, that discusses about  Privacy 
Considerations for Internet Protocols.

The term "Network Access Identifier" is used in RFC 4282; it is the 
user identity submitted by the client during network access 
authentication.  A common identifier which is picked for user 
authentication is an email address as it offers uniqueness and it is 
easy for the user to remember.  That has privacy 
implications.  Disallowing "anonymous" (FTP) as the user name and the 
email address as the password does not solve the problem as 
credentials are required to access a protected resource.

Reality check, some users will:

  (i)   provide their email address

  (ii)  use guest@example.com

  (iii) pick a random email address which does not belong to them

The is ongoing work in the OAUTH WG on access to a protected resource 
using an intermediary which provides the access token.  That's one 
way to deal with the question of providing credentials to an unknown party.

draft-mayer-do-not-track-00 discusses about a HTTP header-based 
mechanism for users to express their preferences about 
tracking.  draft-vandergaast-edns-client-ip defines an EDNS0 
extension to carry relevant (client) network range information.

If you do not provide information within the layer, the information 
will be gleaned from other layers.  There are times when user consent 
is an explicit decision about the information to provide (see reality 
check) and there are times when it is an implicit decision; e.g. the 
terms of service that the user did not read.

If you would like to have "privacy considerations" in all future 
I-Ds, the above could get you started.

Regards,
-sm