Re: [ietf-privacy] Is there an official working definition for Privacy Online?

Stephen Farrell <> Thu, 05 May 2016 15:16 UTC

To: Alissa Cooper <>, Christian Huitema <>
From: Stephen Farrell <>
Date: Thu, 05 May 2016 16:12:20 +0100
Cc: Josh Howlett <>

On 05/05/16 15:53, Alissa Cooper wrote:
> +1. If people want to consider privacy as a heading under which we
> group a bunch of different kinds of attacks, that works perfectly
> well I think.

In the case of privacy, not all the bad things are correctly
described as attacks IMO. E.g. leaving sensitive data in a
log file for too long is not in itself an attack, but can be
risky. Only emitting packets when a user is present similarly.

I'm not even sure the risk analysis method we use for security
is the best way to try to address privacy in IETF work. But I did
raise that when 6973 was being done and, given that I didn't
have a better method to offer (and still don't), that didn't
make it into the doc :-)

> Rather than spending a lot of time to try to find a magical
> two-sentence definition that everyone can agree on (which I doubt is
> feasible), I think the time would be better spent on refining how we
> define the set of attacks and mitigations against them, building on
> or fixing what’s in RFC 6973, possibly turning bits of that into a
> BCP, etc. The two sentences will not be directly actionable no matter
> what they say, whereas a comprehensive threat model and mitigations
> suite could be.

Maybe. I still think that an introductory part of such a document
would be better if we had some definition of what we mean by privacy
when we use the term in IETF documents. (Note: I don't think we need
the one true definition of privacy for the Internet, and I'd agree
with you that we won't get that done.)

I do like the idea of BCP'ing bits of 6973 where it makes sense to
do so regardless of whether or not we come up with some useful