[Dtls-iot] Privacy Considerations
Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 17 August 2015 12:31 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81BA51B2D46 for <dtls-iot@ietfa.amsl.com>; Mon, 17 Aug 2015 05:31:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.61
X-Spam-Level:
X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MVFpF-zFGcb3 for <dtls-iot@ietfa.amsl.com>; Mon, 17 Aug 2015 05:31:18 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C26C1A065C for <dtls-iot@ietf.org>; Mon, 17 Aug 2015 05:31:17 -0700 (PDT)
Received: from [192.168.131.138] ([80.92.114.40]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0LqALY-1YnYxv45NA-00dk3o for <dtls-iot@ietf.org>; Mon, 17 Aug 2015 14:31:16 +0200
Message-ID: <55D1D413.4050205@gmx.net>
Date: Mon, 17 Aug 2015 14:31:15 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: "dtls-iot@ietf.org" <dtls-iot@ietf.org>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="1bAte4f5MRlsXXVC2i9NTRssNTpMoaeRc"
X-Provags-ID: V03:K0:vAfbeGPILzb+ZQHOoVbalvRLCdnOjuoztk4opUlewbeoq2Ge/O9 Viy0uGB5uaKSDASJaunCzemf7nbpaboo2F5709NpKTKXeNCDKGhpICI12vbVsEooVLUAjmf jPkSsNqwRbXfqX898zRBvv8cTV7hzXAXtPeRq+Izy3EXLffBHh3bSbS1AzI0WDBoYxUzdfK z4f73NF68FnRhfPayyUVA==
X-UI-Out-Filterresults: notjunk:1;V01:K0:fzqJcttlnN4=:A2/Y3z66M7GE5Gn52V7qoi KY3cdVei6vpFtgCju3+pmKStwWmaO2wJ0WAfovQ82IZDS8voGoDk4EQkP6jj3q+AnHF/XECgv JvO5/Jl271lQ9yww6bumSmNJdDCORbAuTz38xzV2VJWo5K8kAS2b8/HPBqrLrnarLtrOMPlEK moCce9Q4WWWGLPl2ylVfeGws0KR1DK9c1Jp2mLV2rghclfRW/xerImv8j5/D/1xzMKmgk15tI ypZNKfhsyqKMvjMWMrEgwzyTD8oYvbmrdvEgp+necpb79M5QXgm+0kKj7EP+ATiyCWpj6eYzv VPxP04l1dfDJ96qKAX9BGgClRB+rX/wcs1jCEQoh3aJcOZNHAmvxhsE73LKcJShXGSMxEID0C mfUL2T0OOhdpaSBJ3/4iSoFn6yl8iwixqKNPltmbrUrdgbU27iNGqwVsJAAPmEufs7dVIkWd6 zWu53wIBdLoPSATxHCJQmM5cM/SE/M31RGlhs6NSJx518TkcbfhLhQw/lBQkodOOCEDu3fn7U ebrfoVugcHe1LdqicAiXmJsz9teH0ZE8xsNxvVyv6CcFih+c77CgKCgYezoN16kLVuZK4ysqn ijzbT2ogWm6eX5FDhqqiN6PAvSKbVBbIdmPYJpsy8+Z12mBMOXMTRLFX42d3qMtfjSDrsKDc8 7toYfcpgWe17hyaBmEXO+izx1HXCN6zphMhByC6Eeg83CaZYXYlhMOgvYn1LUdWueZaw/aSqH YMkbNRle+0u0f7X2
Archived-At: <http://mailarchive.ietf.org/arch/msg/dtls-iot/-vTmSTEIVLeyX4WkOPhzK3eRS9c>
Subject: [Dtls-iot] Privacy Considerations
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list <dtls-iot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtls-iot/>
List-Post: <mailto:dtls-iot@ietf.org>
List-Help: <mailto:dtls-iot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2015 12:31:19 -0000
Hi all, Stephen wrote: (12) 24: You need to mention that simply emitting a packet can be privacy sensitive and that (D)TLS doesn't help if so. For example, if lights turn on when I enter the room and those packets can be detected then seeing any packet says someone has entered the room. Or if a thing I carry about sends out nicely encrypted stuff then seeing the destination IP for that might have the privacy issue. Or if a sensor has a threshold and only fires above/below that then seeing any packet means we've crossed the threshold. Text that explains that and that that's a system and/or application layer issue is needed I think. I added a paragraph to the privacy considerations section: ------- Note that the absence or presence of communication itself might reveal information to an adversary. For example, a presence sensor may initiate messaging when a person enters a building. While TLS/ DTLS would offer confidentiality protection of the transmitted information it does not help to conceal all communication patterns. Furthermore, the IP header, which is not protected by TLS/DTLS, additionally reveals information about the other communication endpoint. For applications where such privacy concerns exist additional safeguards are required, such as injecting dummy traffic and onion routing. A detailed treatment of such solutions is outside the scope of this document and requires a system-level view. ------- I hope this resolves issue#35: http://trac.tools.ietf.org/wg/dice/trac/ticket/35 Ciao Hannes
- [Dtls-iot] Privacy Considerations Hannes Tschofenig