Re: [hrpc] I-D Action: draft-irtf-hrpc-guidelines-02.txt
Joseph Lorenzo Hall <joe@cdt.org> Thu, 28 March 2019 07:45 UTC
Return-Path: <jhall@cdt.org>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C85712031F for <hrpc@ietfa.amsl.com>; Thu, 28 Mar 2019 00:45:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cdt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tAw2vqk5r1En for <hrpc@ietfa.amsl.com>; Thu, 28 Mar 2019 00:45:51 -0700 (PDT)
Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40EDE1202E6 for <hrpc@irtf.org>; Thu, 28 Mar 2019 00:45:51 -0700 (PDT)
Received: by mail-ot1-x32c.google.com with SMTP id k21so16070947otf.1 for <hrpc@irtf.org>; Thu, 28 Mar 2019 00:45:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cdt.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jKMcHqvVasu6Ty7dyKIQq+WEUM8VVn8g5e51Bb3OWAg=; b=EE/5feFLSDc8AqiPZxgwlmV2O508h6sGmD5He0mUzpnl5X9BFP8eaitAC3B+kO0Akm VhMltOGPsOdi1cn/tK+QDL+1O0DwfsaIpqi7FBuRw1NomUXuK0zWQ0XDiiXq6pS8I35v i8E9reLBIfP2S/vH4GqaA91v+1dZ1k6Wb+QoI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jKMcHqvVasu6Ty7dyKIQq+WEUM8VVn8g5e51Bb3OWAg=; b=dk145rxpkit/AfDgKud77tkD166fZUwvqcjKNktcHYXvY4xZBITDHS0DpwUwT/m2OA LNLnTNQ4azQYn7h0DBsDFcTE7D99wSeIS3bfeXGKDEIjutiza9rSR13I7ZscXzt4Gv/5 CWFodFGERjNonqUqT+BAljRdAguODHJx0lr0Q1coj/ABi0/xPkHxnDStAAGOQ+OjZKka 3egw9qzl2abj5X4d3OVzLrabyZXp/aLDNr1G6x5PRCKD6VvsleB8418SaxJoqX5V6sEw IMsS5IMsO4yFGmqoSMvn5Uap21wGVf5v1CGtO7QISRsIbgFjVLVwgpjmnelcWY6y/baQ L/KQ==
X-Gm-Message-State: APjAAAWgCmI9xwBPCDpzJre7dfO/f7RKA7EVgsovgBBLqvnWBgvgLS/6 NIT+C5bKD1fSuB28QgdW9PBu8AeCV9BG64xTnAJ1EAPHpOyZ0VsG
X-Google-Smtp-Source: APXvYqxY7IZ/hgamCfH2YOA34t9XbYifLYzTdxyIO6lK1FfzYV017gdenw/YeQyUSW+5jTekLroEK+dZm1tXs4Q5rnI=
X-Received: by 2002:a9d:5f06:: with SMTP id f6mr28870856oti.18.1553759150299; Thu, 28 Mar 2019 00:45:50 -0700 (PDT)
MIME-Version: 1.0
References: <155230481684.16918.12310340882529699964@ietfa.amsl.com> <a2457f5e-f83f-04fa-7c2a-99aefc0a4a00@cis-india.org>
In-Reply-To: <a2457f5e-f83f-04fa-7c2a-99aefc0a4a00@cis-india.org>
From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Thu, 28 Mar 2019 03:45:38 -0400
Message-ID: <CABtrr-UMtbkGxmyikgeLtZk083P1vGZmy54WhNn7dwnbB9=otg@mail.gmail.com>
To: Gurshabad Grover <gurshabad=40cis-india.org@dmarc.ietf.org>
Cc: Hrpc <hrpc@irtf.org>
Content-Type: multipart/alternative; boundary="000000000000387289058522be66"
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/NFJBnuuKlGoM4mR7cear7gt3OMA>
Subject: Re: [hrpc] I-D Action: draft-irtf-hrpc-guidelines-02.txt
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "mail@nielstenoever.net" <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 07:45:54 -0000
On Tue, Mar 19, 2019 at 3:00 AM Gurshabad Grover <gurshabad= 40cis-india.org@dmarc.ietf.org> wrote: > On 11/03/19 5:16 PM, internet-drafts@ietf.org wrote: > > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > > This draft is a work item of the Human Rights Protocol Considerations RG > of the IRTF. > > (Thanks to the chairs for scheduling time to discuss this draft at > IETF104.) > > > Not sure if this is the best thread for feedback on this document, but here is my most recent review: - draft-irtf-hrpc-guidelines-02 - - 3.2: "Currently three five methods" - 3.2.2, could be clearer: "seeking to understand how it might provide a different ordering of the network or society." - 3.3.5, internet doesn't want anything: "If the Internet wants to be a global network of networks, the protocols should work with languages apart from English and character sets apart from Latin characters." - 3.3.6, double reference: "[RFC4941] This is why Privacy Extensions for Stateless Address Autoconfiguration in IPv6 have been introduced. [RFC4941]" - 3.3.6, I would reorder those questions - 3.3.8, the example seems unfinished? - 3.3.10, talks about "the internet" like "hip hop" (throughout the document, but especially apparent here) - 3.3.14, is this referring to encrypted intermediate storage? "or the implementation uses an encrypted store" - 3.3.15, how is the difference here between accuracy and consistency being thought out? Does consistency have a temporal/stateful aspect? "Does your protocol maintain, assure and/or verify the accuracy of payload data? Does your protocol maintain and assure the consistency of data?" - 3.3.15, the MITM description should probably be improved and bulleted? Should it hint at inactive MITM and should we call it something other than "man"? - 3.3.16, "man-in-the-middle-attacks" -> "man-in-the-middle attacks" - 3.3.16, "Bob can see the data did not come from Alice but from Corinne." remove "but by Corinne" as that may not be true. - 3.3.16, what about non-authenticity or knowing when to not ask for evidence of authenticity? E.g., attestation of hardware security devices like yubikeys may lock out people who use a different brand (Vanguard or Fidelity does this now). - 3.3.18, impacts bullet list broken - 3.3.19, typo "Does you protocol" - 5, looks like this should be a bullet list? -- Joseph Lorenzo Hall Chief Technologist, Center for Democracy & Technology [https://www.cdt.org] 1401 K ST NW STE 200, Washington DC 20005-3497 e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 Don't miss out! CDT's Tech Prom is April 10, 2019, at The Anthem. Please join us: https://cdt.org/annual-dinner/
- Re: [hrpc] I-D Action: draft-irtf-hrpc-guidelines… Joseph Lorenzo Hall
- Re: [hrpc] I-D Action: draft-irtf-hrpc-guidelines… Joseph Lorenzo Hall
- [hrpc] I-D Action: draft-irtf-hrpc-guidelines-02.… internet-drafts
- Re: [hrpc] I-D Action: draft-irtf-hrpc-guidelines… Gurshabad Grover
- Re: [hrpc] I-D Action: draft-irtf-hrpc-guidelines… Corinne Cath
- Re: [hrpc] I-D Action: draft-irtf-hrpc-guidelines… Stephane Bortzmeyer
- Re: [hrpc] I-D Action: draft-irtf-hrpc-guidelines… Niels ten Oever
- Re: [hrpc] I-D Action: draft-irtf-hrpc-guidelines… Gurshabad Grover