Re: [ietf-privacy] Privacy and Identifiers - draft-moonesamy-privacy-identifiers-01

<mohamed.boucadair@orange.com> Tue, 17 September 2013 11:56 UTC

From: mohamed.boucadair@orange.com
To: S Moonesamy <sm+ietf@elandsys.com>, "ietf-privacy@ietf.org" <ietf-privacy@ietf.org>
Date: Tue, 17 Sep 2013 13:56:29 +0200

Hi SM,

Thank you for updating the draft.

One comment I have when reading this reco from your draft:

      It is recommended that an identifier be used at the layer at which
      its functionality is necessary for communication to be
      established.

is, from a privacy perspective, there is no justification for it. If the information is present in the packet, does it really matter if it is used in other layers? Why would reusing that info impact privacy? Take the example of TCP, which uses the IP address for the pseudo-header checksum, SIP, SDP, etc. If you have particular identifiers in mind, it would be valuable to make them explicit rather than having a generic statement.

If we take the example of an IP address as an identifier, even if it is revealed in various layers, this does not mean that one single individual/user is associated with that identifier. Take the example of multiple machines behind the same CPE, or multiple subscribers behind the same CGN, etc. Nevertheless: 
* the configuration of a browser may easily be used to track a user (e.g., https://panopticlick.eff.org/)
* some application headers (e.g., referer) may contribute to ease the correlation between many pieces of information (e.g., a web email account and a social networking account for instance)

Discussing issues related to correlating information leaked by applications would be useful to record in this document.

Cheers,
Med

>-----Original Message-----
>From: ietf-privacy-bounces@ietf.org [mailto:ietf-privacy-bounces@ietf.org]
>On behalf of S Moonesamy
>Sent: Saturday 14 September 2013 17:28
>To: ietf-privacy@ietf.org
>Subject: [ietf-privacy] Privacy and Identifiers - draft-moonesamy-privacy-identifiers-01
>
>Hello,
>
>The initial version of draft-moonesamy-privacy-identifiers was
>submitted over a year ago.  There was some discussion about the draft
>on this mailing list.  I submitted
>draft-moonesamy-privacy-identifiers-01 (
>http://tools.ietf.org/html/draft-moonesamy-privacy-identifiers-01 ).
>
>Anyone who feels strongly about privacy might find the main change
>(first paragraph of Section 1) of some interest as it is a good start
>to understand the relation between privacy and secrecy.
>
>I added a reference to RFC 6973 as it may be useful for authors
>writing IETF specifications.
>
>The draft restricts itself to a brief discussion of privacy and
>identifiers.  The intent is to keep it easy for the reader and
>encourage the person to think about identifiers from a privacy
>perspective.  The draft does not focus on the technical aspects so as
>to be accessible to a technical and non-technical audience.
>
>I would appreciate comments about the draft.
>
>Regards,
>S. Moonesamy