Re: [ietf-privacy] Is there an official working definition for Privacy Online?

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 05 May 2016 15:16 UTC

To: Alissa Cooper <alissa@cooperw.in>, Christian Huitema <huitema@huitema.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf-privacy/12FI2G5Af6VQqA4vujND8aMtWg8>
Cc: ietf-privacy@ietf.org, dcrocker@bbiw.net, Josh Howlett <Josh.Howlett@jisc.ac.uk>


On 05/05/16 15:53, Alissa Cooper wrote:
> +1. If people want to consider privacy as a heading under which we
> group a bunch of different kinds of attacks, that works perfectly
> well I think.

In the case of privacy, not all the bad things are correctly
described as attacks IMO. E.g. leaving sensitive data in a
log file for too long is not in itself an attack, but can be
risky. Only emitting packets when a user is present similarly.

I'm not even sure the risk analysis method we use for security
is the best way to try to address privacy in IETF work. But I did
raise that when 6973 was being done and given that I didn't
have a better method to offer (and still don't) that didn't
make it into the doc:-)

> 
> Rather than spending a lot of time to try to find a magical
> two-sentence definition that everyone can agree on (which I doubt is
> feasible), I think the time would be better spent on refining how we
> define the set of attacks and mitigations against them, building on
> or fixing what’s in RFC 6973, possibly turning bits of that into a
> BCP, etc. The two sentences will not be directly actionable no matter
> what they say, whereas a comprehensive threat model and mitigations
> suite could be.

Maybe. I still think that an introductory part of such a document
would be better if we had some definition of what we mean by privacy
when we use the term in IETF documents. (Note: I don't think we need
the one true definition of privacy for the Internet, and I'd agree
with you that we won't get that done.)

I do like the idea of BCP'ing bits of 6973 where it makes sense to
do so regardless of whether or not we come up with some useful
definition.

S.