IETF Logo Mail Archive

Re: [calsify] Benjamin Kaduk's Discuss on draft-ietf-calext-eventpub-extensions-13: (with DISCUSS and COMMENT)

Michael Douglass <mikeadouglass@gmail.com> Tue, 29 December 2020 20:39 UTC

Return-Path: <mikeadouglass@gmail.com>
X-Original-To: calsify@ietfa.amsl.com
Delivered-To: calsify@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B28973A09C5; Tue, 29 Dec 2020 12:39:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3xSWE2ASlp09; Tue, 29 Dec 2020 12:39:40 -0800 (PST)
Received: from mail-qv1-xf35.google.com (mail-qv1-xf35.google.com [IPv6:2607:f8b0:4864:20::f35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D3D73A09C3; Tue, 29 Dec 2020 12:39:39 -0800 (PST)
Received: by mail-qv1-xf35.google.com with SMTP id l7so6887477qvt.4; Tue, 29 Dec 2020 12:39:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=Q1kAmfgDBJvpytZiLZnTh7w4Qkr8ylhOeyZOOxPH8fk=; b=jyNKaYt//IrOxej+ntdgBxfIxbmQj4R+djRZo2vIIjzEop4W91+1YFa6WEEsZHtI85 4AFz0lsRelRV/vpNaunwdIC6dgt7WNl9bcC/Oixru/huE50Jll3ei7FFScWzvvqdHAM1 ojFHx0hvyfkkNDZgvobrN6KKTFa0Cf2MrbyStLox60TVTsfmHu05k9sp/0V9ZQIkr2Qr gwZ+8Q6Efn/mUMv1MBSOpvAHQNIJrUIPbQ0mbYTvKWB94QV8YgLN6N1R+0Q5GLU3NcmD qumVuSOePoEZSsrFpC7lNTDkI7KDBfc8i3UURDYkn9eIiM12pdGSZgsB0iu40aPGgKS0 MAxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=Q1kAmfgDBJvpytZiLZnTh7w4Qkr8ylhOeyZOOxPH8fk=; b=gZXnibyD9GPyUFBEXW7DiFac8QhTSY1lW5sF1T1oNAazBY2Z2aIsISLHf0vX6uLLlZ CIPH7LVCK9qucOkbtgQmA73Ugzkco6roj55/BDFOai0DGYxYP0xwOPqGfDIhCnpD+f8x CoGwKVf/NFdj4fgWIEwtqYCngO/uA1tcifmjTza30hC2HESwajxrDodgphjs48LfLpfU bn7Wz0qs1JG3Qa4kjid2R6jnY6m8T2QtWYEKL0YZCxJuPbIwqhfHXAYy4z9XXQ9+RH6X t82w1feHowKbt+Zpo7i/ng6yOT6ZOpGodjapSu/avYU/tDba7vheKihy4sJCK1rgoXBG Jo5Q==
X-Gm-Message-State: AOAM530Y25472JFILlsWyG6h97J52gMbRN9V2g+HUQaqK7II5KNUZc3k vfjTh8iTZlRGvezLa0NTxiK9KwUQb/PByg==
X-Google-Smtp-Source: ABdhPJwCqdbN3kPzehOTFsLhAfDXuwJh7z9aYKV1cAVmwmheNrUtUkMuovi9e6YF8TX9NMmhTAo9tg==
X-Received: by 2002:a05:6214:2b2:: with SMTP id m18mr52710008qvv.40.1609274378597; Tue, 29 Dec 2020 12:39:38 -0800 (PST)
Received: from MacBook-Pro-2019.local (cpe-74-70-70-237.nycap.res.rr.com. [74.70.70.237]) by smtp.googlemail.com with ESMTPSA id s19sm22262013qta.35.2020.12.29.12.39.37 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 29 Dec 2020 12:39:37 -0800 (PST)
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: The IESG <iesg@ietf.org>, draft-ietf-calext-eventpub-extensions@ietf.org, calext-chairs@ietf.org, calsify@ietf.org
References: <155908852723.25806.3708247030243239163.idtracker@ietfa.amsl.com> <a1aaacad-fe9b-fc43-2d5d-0537a6d4580c@gmail.com> <20201229183403.GZ89068@kduck.mit.edu>
From: Michael Douglass <mikeadouglass@gmail.com>
Message-ID: <8a7f12ad-8903-9bc5-9482-8e6cc1fd02a4@gmail.com>
Date: Tue, 29 Dec 2020 15:39:36 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:78.0) Gecko/20100101 Thunderbird/78.5.1
MIME-Version: 1.0
In-Reply-To: <20201229183403.GZ89068@kduck.mit.edu>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/calsify/0WFByTc7JeKUWnDMaYs9IFN2uTw>
Subject: Re: [calsify] Benjamin Kaduk's Discuss on draft-ietf-calext-eventpub-extensions-13: (with DISCUSS and COMMENT)
X-BeenThere: calsify@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <calsify.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/calsify>, <mailto:calsify-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/calsify/>
List-Post: <mailto:calsify@ietf.org>
List-Help: <mailto:calsify-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/calsify>, <mailto:calsify-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Dec 2020 20:39:42 -0000

Thanks Benjamin.

I'm in the process of producing a new draft with fixes to some points 
raised by Barry and others.

Further comments on your suggestions...

On 12/29/20 13:34, Benjamin Kaduk wrote:
> Hi Michael,
>
> ...

> Thanks for these; I think we're all set on the Discuss front, now, and I'll
> update my ballot position in the datatracker after I send this message.
That's grerat.
> ...
>> I've added a comment in the privacy section and referred to that. Could
>> you take a look at that please?
> Yes, the new privacy (and security) considerations are much-improved!
> (Unrelated to this particular comment,) I would suggest one other
> improvement: currently we just say that "any network access of the URI data
> can be tracked", which as a phrase suggests to me that the tracking occurs
> "in the network", but of course the remote endpoint hosting the referenced
> resource will have a very authoritative view of who is accessing it and
> when.  So perhaps "can be tracked both by a network observer and by the
> entity hosting the remote resource" (or similar)?
I'll take a look
> ...
>
> We probably should go a little further and note that this may facilitate
> tracking of individuals or malicious actions targeted against them at
> the known location/time pair.
>> I've added more text and aligned this to some extent with jscalendar.
> As mentioned above, I do appreciate the added text, but it doesn't seem to
> capture my intended point here.  Specifically, calendaring rather
> intrinsically has the property that it provides information about a future
> time when a given individual will be at a particular location, which could
> enable further (targeted) attacks against that individual.  Most other
> sources of tracking information about people are retrospective, not
> future-looking, so I wanted to have this aspect emphasized.

Good point and happy to do so. Events of late have served to make me 
more concerned about privacy issues.

I guess it's a bit of a side issue but I'm pretty convinced that these 
are more protocol issues than data schema and representation. For 
example, it's undeniably (I believe) a good thing to have a place to 
store the expected location of an attendee. It's also a good thing for 
an organizer to be able to have that information when trying to come up 
with a good meeting time.

However, it's not a good thing for the organizer to have free access to 
that information without the attendee being aware of how it is to be 
used and stored and shared. Those issues are related to how we design 
protocols and services. I'm pretty much convinced that the client/server 
model is inherently unsafe and a more peer-to-peer model is the only 
safe approach. Given our always online world I believe we can build 
those services without handing over the data to 3rd parties (who then 
wittingly or unwittingly hand them on to 4th, 5th etc parties).


> Thanks again for the updates!
>
> -Ben

v2.23.0 | Report a Bug | By Email