Re: [Captive-portals] Robert Wilton's No Objection on draft-ietf-capport-api-07: (with COMMENT)
"Rob Wilton (rwilton)" <rwilton@cisco.com> Mon, 22 June 2020 16:39 UTC
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
CC: "capport-chairs@ietf.org" <capport-chairs@ietf.org>, "captive-portals@ietf.org" <captive-portals@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-capport-api@ietf.org" <draft-ietf-capport-api@ietf.org>, Martin Thomson <mt@lowentropy.net>
Date: Mon, 22 Jun 2020 16:38:43 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/bYYMxmeb2dMNbWdGFW6O4VsnLsw>

Hi Tommy,

That sounds okay with me. Thanks for clarifying.

Regards,
Rob

From: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Sent: 22 June 2020 17:25
To: Rob Wilton (rwilton) <rwilton@cisco.com>
Cc: capport-chairs@ietf.org; captive-portals@ietf.org; The IESG <iesg@ietf.org>; draft-ietf-capport-api@ietf.org; Martin Thomson <mt@lowentropy.net>
Subject: Re: [Captive-portals] Robert Wilton's No Objection on draft-ietf-capport-api-07: (with COMMENT)

Hi Rob,

Thanks for the example text for user consent, etc.

I believe that at this point in how the CAPPORT API will be used, the main way that personal information is transmitted is in the web portal. The privacy text in -08 was updated from the -07 version to not imply that it is the API JSON itself:

"Information passed between a client and the user-facing web portal may include a user's personal information…"

My interpretation of requirements like GDPR is that they'd be then applying to what shows on the web portal that the API server points to, at which point the consent and terms can and should be shown in a normal web page flow.

However, for future extensions to the CAPPORT API that could allow captive portal interaction without a webpage, but done more "automatically", I do think this kind of text will be necessary.

So, I think for now, we leave this for future updates?

Best,
Tommy

On Jun 22, 2020, at 9:18 AM, Rob Wilton (rwilton) <rwilton=40cisco.com@dmarc.ietf.org> wrote:

Hi Tommy,

Just one (belated) comment at the end ...

7.1. Privacy Considerations

Possibly worth adding a comment about the necessity to keep personal information secure. In addition, should there be any comments about GDPR like constraints (if they apply)?

This section has also been reworded slightly to make this more clear. I'm not sure if there's anything we can state for GDPR or similar constraints here. I think that would mainly apply to what is shown in the user portal, not the API interaction.

[RW] FWIW, I saw this text in another document that I'm reviewing now, and it was something along these lines that I was originally thinking of when I posted the original comment:

When sharing personally identifiable information or information that is otherwise considered confidential to affected users, SET Transmitters and Recipients MUST have the appropriate legal agreements and user consent or terms of service in place. Furthermore, data that needs confidentiality protection MUST be encrypted, at least with TLS and sometimes also using JSON Web Encryption (JWE) [RFC7516]. In some cases, subject identifiers themselves may be considered sensitive information, such that their inclusion within a SET may be considered a violation of privacy. SET Issuers should consider the ramifications of sharing a particular subject identifier with a SET Recipient (e.g., whether doing so could enable correlation and/or de-anonymization of data) and choose appropriate subject identifiers for their use cases.

I.e. if user identifiable information is being carried over the CAPPORT API, then IANAL, etc, but I think that GDPR would require that the user had given consent in some way before any personally identifiable information is transmitted. I'll leave it to you to decide if that is a valid consideration for the privacy section.

Regards,
Rob

Best,
Tommy

Thanks,
Rob