[Dtls-iot] Privacy Considerations

Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 17 August 2015 12:31 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 81BA51B2D46 for <dtls-iot@ietfa.amsl.com>; Mon, 17 Aug 2015 05:31:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.61
X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id MVFpF-zFGcb3 for <dtls-iot@ietfa.amsl.com>; Mon, 17 Aug 2015 05:31:18 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net []) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C26C1A065C for <dtls-iot@ietf.org>; Mon, 17 Aug 2015 05:31:17 -0700 (PDT)
Received: from [] ([]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0LqALY-1YnYxv45NA-00dk3o for <dtls-iot@ietf.org>; Mon, 17 Aug 2015 14:31:16 +0200
Message-ID: <55D1D413.4050205@gmx.net>
Date: Mon, 17 Aug 2015 14:31:15 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: "dtls-iot@ietf.org" <dtls-iot@ietf.org>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="1bAte4f5MRlsXXVC2i9NTRssNTpMoaeRc"
X-Provags-ID: V03:K0:vAfbeGPILzb+ZQHOoVbalvRLCdnOjuoztk4opUlewbeoq2Ge/O9 Viy0uGB5uaKSDASJaunCzemf7nbpaboo2F5709NpKTKXeNCDKGhpICI12vbVsEooVLUAjmf jPkSsNqwRbXfqX898zRBvv8cTV7hzXAXtPeRq+Izy3EXLffBHh3bSbS1AzI0WDBoYxUzdfK z4f73NF68FnRhfPayyUVA==
X-UI-Out-Filterresults: notjunk:1;V01:K0:fzqJcttlnN4=:A2/Y3z66M7GE5Gn52V7qoi KY3cdVei6vpFtgCju3+pmKStwWmaO2wJ0WAfovQ82IZDS8voGoDk4EQkP6jj3q+AnHF/XECgv JvO5/Jl271lQ9yww6bumSmNJdDCORbAuTz38xzV2VJWo5K8kAS2b8/HPBqrLrnarLtrOMPlEK moCce9Q4WWWGLPl2ylVfeGws0KR1DK9c1Jp2mLV2rghclfRW/xerImv8j5/D/1xzMKmgk15tI ypZNKfhsyqKMvjMWMrEgwzyTD8oYvbmrdvEgp+necpb79M5QXgm+0kKj7EP+ATiyCWpj6eYzv VPxP04l1dfDJ96qKAX9BGgClRB+rX/wcs1jCEQoh3aJcOZNHAmvxhsE73LKcJShXGSMxEID0C mfUL2T0OOhdpaSBJ3/4iSoFn6yl8iwixqKNPltmbrUrdgbU27iNGqwVsJAAPmEufs7dVIkWd6 zWu53wIBdLoPSATxHCJQmM5cM/SE/M31RGlhs6NSJx518TkcbfhLhQw/lBQkodOOCEDu3fn7U ebrfoVugcHe1LdqicAiXmJsz9teH0ZE8xsNxvVyv6CcFih+c77CgKCgYezoN16kLVuZK4ysqn ijzbT2ogWm6eX5FDhqqiN6PAvSKbVBbIdmPYJpsy8+Z12mBMOXMTRLFX42d3qMtfjSDrsKDc8 7toYfcpgWe17hyaBmEXO+izx1HXCN6zphMhByC6Eeg83CaZYXYlhMOgvYn1LUdWueZaw/aSqH YMkbNRle+0u0f7X2
Archived-At: <http://mailarchive.ietf.org/arch/msg/dtls-iot/-vTmSTEIVLeyX4WkOPhzK3eRS9c>
Subject: [Dtls-iot] Privacy Considerations
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list <dtls-iot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtls-iot/>
List-Post: <mailto:dtls-iot@ietf.org>
List-Help: <mailto:dtls-iot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2015 12:31:19 -0000

Hi all,

Stephen wrote:

(12) 24: You need to mention that simply emitting a
packet can be privacy sensitive and that (D)TLS doesn't
help if so. For example, if lights turn on when I enter
the room and those packets can be detected then seeing
any packet says someone has entered the room. Or if a
thing I carry about sends out nicely encrypted stuff
then seeing the destination IP for that might have the
privacy issue. Or if a sensor has a threshold and only
fires above/below that then seeing any packet means
we've crossed the threshold. Text that explains that and
that that's a system and/or application layer issue is
needed I think.

I added a paragraph to the privacy considerations section:


   Note that the absence or presence of communication itself might
   reveal information to an adversary.  For example, a presence sensor
   may initiate messaging when a person enters a building.  While TLS/
   DTLS would offer confidentiality protection of the transmitted
   information it does not help to conceal all communication patterns.
   Furthermore, the IP header, which is not protected by TLS/DTLS,
   additionally reveals information about the other communication
   endpoint.  For applications where such privacy concerns exist
   additional safeguards are required, such as injecting dummy traffic
   and onion routing.  A detailed treatment of such solutions is outside
   the scope of this document and requires a system-level view.


I hope this resolves issue#35: