Re: [ietf-privacy] [perpass] New Version Notification for draft-cooper-ietf-privacy-requirements-00.txt
Robin Wilton <wilton@isoc.org> Mon, 23 September 2013 11:19 UTC
Return-Path: <wilton@isoc.org>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCCF321F8B04 for <ietf-privacy@ietfa.amsl.com>; Mon, 23 Sep 2013 04:19:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.203
X-Spam-Level:
X-Spam-Status: No, score=-102.203 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BIjdlAObjfLx for <ietf-privacy@ietfa.amsl.com>; Mon, 23 Sep 2013 04:19:17 -0700 (PDT)
Received: from smtp150.iad.emailsrvr.com (smtp150.iad.emailsrvr.com [207.97.245.150]) by ietfa.amsl.com (Postfix) with ESMTP id 4494411E8178 for <ietf-privacy@ietf.org>; Mon, 23 Sep 2013 04:19:08 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp25.relay.iad1a.emailsrvr.com (SMTP Server) with ESMTP id 1F5C3300C01; Mon, 23 Sep 2013 07:19:06 -0400 (EDT)
X-Virus-Scanned: OK
Received: by smtp25.relay.iad1a.emailsrvr.com (Authenticated sender: wilton-AT-isoc.org) with ESMTPSA id C55F13002FF; Mon, 23 Sep 2013 07:19:05 -0400 (EDT)
References: <20130920162352.23295.48024.idtracker@ietfa.amsl.com> <523C79A8.5050902@cs.tcd.ie> <8E31A51D-6452-4A82-9FA6-3EBA26628416@tik.ee.ethz.ch>
In-Reply-To: <8E31A51D-6452-4A82-9FA6-3EBA26628416@tik.ee.ethz.ch>
Mime-Version: 1.0 (1.0)
Content-Type: text/plain; charset="us-ascii"
Message-Id: <B2FB849A-79A6-4A8A-976B-33EA0DFBEEC0@isoc.org>
Content-Transfer-Encoding: quoted-printable
X-Mailer: iPad Mail (9B206)
From: Robin Wilton <wilton@isoc.org>
Date: Mon, 23 Sep 2013 12:22:09 +0100
To: Brian Trammell <trammell@tik.ee.ethz.ch>
Cc: "ietf-privacy@ietf.org" <ietf-privacy@ietf.org>, perpass <perpass@ietf.org>
Subject: Re: [ietf-privacy] [perpass] New Version Notification for draft-cooper-ietf-privacy-requirements-00.txt
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2013 11:19:24 -0000
I am seriously considering trying to gain enough weight that I can fit this onto myself as a tattoo: "The information radiated even from protocols which have no obvious connection with personal data can be correlated with other information which can paint a very rich behavioral picture, that only takes one unprotected link in the chain to associate with an identity." ;^) Robin Robin Wilton Technical Outreach Director - Identity and Privacy On 23 Sep 2013, at 08:40, Brian Trammell <trammell@tik.ee.ethz.ch> wrote: > hi Stephen, all, > > (copying ietf-privacy as requested in the draft) > > I've read the draft; it's a very good and welcome start at extending 6973 to a set of concrete recommendations for protocol design. I've got one comment on opportunistic encryption, though: > > In section 3, halfway down the page: "...at minimum, opportunistic encryption needs to be well-defined for almost all new IETF standards track protocols." > > I understand the rationale behind that "almost", but the lines around it will need to be very clearly drawn. On brief consideration, I cannot think of a single _new_ protocol for which opportunistic encryption shouldn't be the default, for reasons other than interoperability with an existing protocol that has a significant installed base. Even in such cases, I think it would be useful to be very clear that communication in the clear for interoperability is an exception, a "legacy" mode, "to be deprecated", or other not-very-happy-sounding words that mean "we realize we're stuck with it in this case but that's really no excuse." > > The information radiated even from protocols which have no obvious connection with personal data can be correlated with other information which can paint a very rich behavioral picture, that only takes one unprotected link in the chain to associate with an identity. Opportunistic encryption everywhere reduces the content of this radiated information, as well as reducing the risk of unprotected links holding some associable identifier. So exceptions will have to be very well justified if an aim of this work is protection of privacy against pervasive surveillance. > > Cheers, > > Brian > > On Sep 20, 2013, at 6:36 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > >> >> FYI. Comments welcome. >> >> S. >> >> >> -------- Original Message -------- >> Subject: New Version Notification for >> draft-cooper-ietf-privacy-requirements-00.txt >> Date: Fri, 20 Sep 2013 09:23:52 -0700 >> From: internet-drafts@ietf.org >> To: Alissa Cooper <acooper@cdt.org>, Sean Turner <turners@ieca.com>, >> Stephen Farrell <stephen.farrell@cs.tcd.ie> >> >> >> A new version of I-D, draft-cooper-ietf-privacy-requirements-00.txt >> has been successfully submitted by Alissa Cooper and posted to the >> IETF repository. >> >> Filename: draft-cooper-ietf-privacy-requirements >> Revision: 00 >> Title: Privacy Requirements for IETF Protocols >> Creation date: 2013-09-20 >> Group: Individual Submission >> Number of pages: 11 >> URL: >> http://www.ietf.org/internet-drafts/draft-cooper-ietf-privacy-requirements-00.txt >> Status: >> http://datatracker.ietf.org/doc/draft-cooper-ietf-privacy-requirements >> Htmlized: >> http://tools.ietf.org/html/draft-cooper-ietf-privacy-requirements-00 >> >> >> Abstract: >> It is the consensus of the IETF that IETF protocols be designed to >> avoid privacy violations to the extent possible. This document >> establishes a number of protocol design choices as Best Current >> Practices for the purpose of avoiding such violations. >> >> >> >> >> >> Please note that it may take a couple of minutes from the time of submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> The IETF Secretariat >> >> >> >> _______________________________________________ >> perpass mailing list >> perpass@ietf.org >> https://www.ietf.org/mailman/listinfo/perpass > > _______________________________________________ > ietf-privacy mailing list > ietf-privacy@ietf.org > https://www.ietf.org/mailman/listinfo/ietf-privacy
- [ietf-privacy] Fwd: New Version Notification for … Stephen Farrell
- Re: [ietf-privacy] Fwd: New Version Notification … SM
- Re: [ietf-privacy] Fwd: New Version Notification … Stephen Farrell
- Re: [ietf-privacy] New Version Notification for d… S Moonesamy
- Re: [ietf-privacy] [perpass] New Version Notifica… Brian Trammell
- Re: [ietf-privacy] [perpass] New Version Notifica… Robin Wilton
- Re: [ietf-privacy] [perpass] New Version Notifica… Stephen Farrell
- Re: [ietf-privacy] [perpass] New Version Notifica… Alissa Cooper
- Re: [ietf-privacy] [perpass] New Version Notifica… Brian Trammell
- Re: [ietf-privacy] [perpass] New Version Notifica… Stephen Farrell
- Re: [ietf-privacy] New Version Notification for d… Avri Doria
- Re: [ietf-privacy] New Version Notification for d… Scott Brim
- Re: [ietf-privacy] New Version Notification for d… Stephen Farrell