IETF Logo Mail Archive

Re: [ietf-privacy] [perpass] New Version Notification for draft-cooper-ietf-privacy-requirements-00.txt

Brian Trammell <trammell@tik.ee.ethz.ch> Mon, 23 September 2013 15:15 UTC

Return-Path: <trammell@tik.ee.ethz.ch>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C90E21F9BC3; Mon, 23 Sep 2013 08:15:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.449
X-Spam-Level:
X-Spam-Status: No, score=-6.449 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M3jJsaJzKZFp; Mon, 23 Sep 2013 08:15:52 -0700 (PDT)
Received: from smtp.ee.ethz.ch (smtp.ee.ethz.ch [129.132.2.219]) by ietfa.amsl.com (Postfix) with ESMTP id 17B8921F9BBD; Mon, 23 Sep 2013 08:15:52 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp.ee.ethz.ch (Postfix) with ESMTP id E984ED9307; Mon, 23 Sep 2013 17:15:48 +0200 (MEST)
X-Virus-Scanned: by amavisd-new on smtp.ee.ethz.ch
Received: from smtp.ee.ethz.ch ([127.0.0.1]) by localhost (.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 1cwWqBR7Q54l; Mon, 23 Sep 2013 17:15:48 +0200 (MEST)
Received: from pb-10243.ethz.ch (pb-10243.ethz.ch [82.130.102.152]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: briant) by smtp.ee.ethz.ch (Postfix) with ESMTPSA id ADBE5D9300; Mon, 23 Sep 2013 17:15:48 +0200 (MEST)
Content-Type: multipart/signed; boundary="Apple-Mail=_8335088C-3785-4631-8F2E-260FCB5C1BAA"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Brian Trammell <trammell@tik.ee.ethz.ch>
In-Reply-To: <CBFDAFB3-27C1-477A-804A-74DB6DB17EAE@cdt.org>
Date: Mon, 23 Sep 2013 17:15:48 +0200
Message-Id: <2BB181AD-2269-4B91-B109-67E7E912F513@tik.ee.ethz.ch>
References: <20130920162352.23295.48024.idtracker@ietfa.amsl.com> <523C79A8.5050902@cs.tcd.ie> <8E31A51D-6452-4A82-9FA6-3EBA26628416@tik.ee.ethz.ch> <CBFDAFB3-27C1-477A-804A-74DB6DB17EAE@cdt.org>
To: Alissa Cooper <acooper@cdt.org>
X-Mailer: Apple Mail (2.1508)
Cc: ietf-privacy@ietf.org, perpass <perpass@ietf.org>
Subject: Re: [ietf-privacy] [perpass] New Version Notification for draft-cooper-ietf-privacy-requirements-00.txt
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2013 15:15:58 -0000

hi Alissa,

On 23 Sep 2013, at 16:32 , Alissa Cooper <acooper@cdt.org> wrote:

> Hi Brian,
> 
> Thanks for your comments.
> 
> On Sep 23, 2013, at 3:40 AM, Brian Trammell <trammell@tik.ee.ethz.ch> wrote:
> 
>> hi Stephen, all,
>> 
>> (copying ietf-privacy as requested in the draft)
>> 
>> I've read the draft; it's a very good and welcome start at extending 6973 to a set of concrete recommendations for protocol design. I've got one comment on opportunistic encryption, though:
>> 
>> In section 3, halfway down the page: "...at minimum, opportunistic encryption needs to be well-defined for almost all new IETF standards track protocols." 
>> 
>> I understand the rationale behind that "almost", but the lines around it will need to be very clearly drawn. On brief consideration, I cannot think of a single _new_ protocol for which opportunistic encryption shouldn't be the default, for reasons other than interoperability with an existing protocol that has a significant installed base. Even in such cases, I think it would be useful to be very clear that communication in the clear for interoperability is an exception, a "legacy" mode, "to be deprecated", or other not-very-happy-sounding words that mean "we realize we're stuck with it in this case but that's really no excuse."
> 
> I have not been super comfortable with the "almost" either. I've been thinking instead of something like:
> 
> "As a consequence, at minimum, opportunistic encryption needs to be well-defined for new IETF standards track protocols. This requirement may be waved only in exceptional circumstances where the protocol's utility would be eliminated or severely diminished if opportunistic encryption were defined."

This is a better version of what I've been trying to come up with. (Nit: s/waved/waived/)

>> The information radiated even from protocols which have no obvious connection with personal data can be correlated with other information which can paint a very rich behavioral picture, that only takes one unprotected link in the chain to associate with an identity. Opportunistic encryption everywhere reduces the content of this radiated information, as well as reducing the risk of unprotected links holding some associable identifier. So exceptions will have to be very well justified if an aim of this work is protection of privacy against pervasive surveillance.
> 
> I'm not ready to ink this on my skin, but it does seem like good text to add to the document, with minimal tweaks. :)

Now that I've seen the direction this draft is going in, I'm hoping to get back to -perpass-ppa soon, to move it more in the direction of a catalog of information radiation to look for.

Cheers,

Brian

v2.23.0 | Report a Bug | By Email