IETF Logo Mail Archive

Re: [datatracker-rqmts] New Requirement

Paul Hoffman <paul.hoffman@vpnc.org> Mon, 15 November 2010 20:36 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: datatracker-rqmts@core3.amsl.com
Delivered-To: datatracker-rqmts@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 49E2D3A6D23 for <datatracker-rqmts@core3.amsl.com>; Mon, 15 Nov 2010 12:36:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.202
X-Spam-Level:
X-Spam-Status: No, score=-100.202 tagged_above=-999 required=5 tests=[AWL=-0.242, BAYES_20=-0.74, HELO_MISMATCH_COM=0.553, SARE_SUB_OBFU_Q1=0.227, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OfTJIsWD3wFI for <datatracker-rqmts@core3.amsl.com>; Mon, 15 Nov 2010 12:36:14 -0800 (PST)
Received: from hoffman.proper.com (Hoffman.Proper.COM [207.182.41.81]) by core3.amsl.com (Postfix) with ESMTP id 735C528C0E4 for <datatracker-rqmts@ietf.org>; Mon, 15 Nov 2010 12:36:14 -0800 (PST)
Received: from [75.101.18.87] (sn87.proper.com [75.101.18.87]) (authenticated bits=0) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id oAFKapma085182 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 15 Nov 2010 13:36:53 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p06240801c90748751174@[75.101.18.87]>
In-Reply-To: <4CE19579.7040002@gmail.com>
References: <069201cb84a5$f3600e60$da202b20$@augustcellars.com> <4CE18751.7030002@gmail.com> <p06240823c9073a421353@[10.20.30.150]> <4CE19579.7040002@gmail.com>
Date: Mon, 15 Nov 2010 12:36:50 -0800
To: Royer Software and Services <royersoftwareandservices@gmail.com>, datatracker-rqmts@ietf.org
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset="us-ascii"
Subject: Re: [datatracker-rqmts] New Requirement
X-BeenThere: datatracker-rqmts@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <datatracker-rqmts.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/datatracker-rqmts>, <mailto:datatracker-rqmts-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/datatracker-rqmts>
List-Post: <mailto:datatracker-rqmts@ietf.org>
List-Help: <mailto:datatracker-rqmts-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/datatracker-rqmts>, <mailto:datatracker-rqmts-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Nov 2010 20:36:15 -0000

At 1:18 PM -0700 11/15/10, Royer Software and Services wrote:
>I am not trying to be a pain. I just don't see the need for private.

Private what? Private data that is already in the Datatracker (as Jim pointed out), or private lists (as are defined in the draft)? This is an important distinction.

>And the explanation
>given in that post does not convince me that anyone could reach any dangerous, invasive,
>disruptive, or anything else conclusions by knowing that some people are looking at something.

Again, that is not what Jim said. Let's try again:

At 1:17 AM -0800 11/15/10, Jim Schaad wrote:
>I believe that there may be situations where one wishes to create lists
>based on data that is private.  In this case either the list must not be
>able to be made public or it must be restricted based on the same
>constraints as the data.
>
>An example of where this might occur is called for.
>
>The ISE might desire to add a field to the data tracker listing the set of
>people who either have or have been asked to review a document.  This field
>is restricted to the ISE and the IESB.  If these people create a list based
>on the existence of a name in this field then it could be considered to be
>restricted to a small set of people.

There is nothing there about "knowing that some people are looking at something".

>Adding private seems like a lot of access control issues that  can break, have some misconfiguration,
>or software bug, that would not reveal the same information. With the terabytes of data posted on the net (daily?),
>it would be easier for an employer to just look at the employees activities than to write a tool to
>see what drafts there employee is looking at. (re: the example in the current draft).

The example in the current draft is not just about an employer looking. If I were looking for a job at XywCorp and created a list of all drafts written by XyzCorp employees, there are plenty of people I would not want to see my list.

>I have read the draft. Who could tell what it meant that  someone is looking at stuff?

I'm sorry, but I can't parse that question.

>My point is, what's private mean here?

See above.

>Would it be private that the draft changed? That some status changed? That someone is looking
>for keyword 'oops'? What would be private? The drafts are not private. The status of a draft
>is not private.

Correct. In the current draft, the *list of drafts* is private unless its creator makes it public. In the current Datatracker, some data is private.

>The name of the ISE is not private. The names of the IESB members is not private. They are
>going to review the drafts anyway. So, that is not private.

No one said it was.

>The title of the draft  is :
>
>    Requirements for Draft Tracking by the IETF Community in the Datatracker
>
>Not 'Requirement of the IAB, IETF, IESB, ISE, ...'

The IAB, IESG, and so on are members of the IETF community.

>So that argument posted does not seem on point - in my opinion.
>
>If it is needed, then it is needed. I have just not seen anyone post a reason
>that convinces me that it is needed.
>
>I have no plans to pound on this issue. I am trying to understand it.

Please re-read Jim's message again in light of my questions to you about what you mean by "private".

--Paul Hoffman, Director
--VPN Consortium

v2.23.0 | Report a Bug | By Email