Re: [ietf-privacy] Privacy and Identifiers - draft-moonesamy-privacy-identifiers-01
S Moonesamy <sm+ietf@elandsys.com> Tue, 17 September 2013 17:43 UTC
Return-Path: <sm@elandsys.com>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4CFA11E853D for <ietf-privacy@ietfa.amsl.com>; Tue, 17 Sep 2013 10:43:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.555
X-Spam-Level:
X-Spam-Status: No, score=-102.555 tagged_above=-999 required=5 tests=[AWL=0.044, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gMstSNed58M7 for <ietf-privacy@ietfa.amsl.com>; Tue, 17 Sep 2013 10:43:37 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id AC27111E82B7 for <ietf-privacy@ietf.org>; Tue, 17 Sep 2013 10:43:34 -0700 (PDT)
Received: from SUBMAN.elandsys.com ([197.224.158.202]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id r8HHhImc009280 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 17 Sep 2013 10:43:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1379439812; bh=DzO3c2XE1BWAUjnXM2rGJUqfbc3Zdj7MwUXwwPZ0LnY=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=QoGtZ0dQ9zm2rPDShexCjdJ1Lo0hfwwFOc8R4fn439FXvZ+q0vFSNQfp1wG5rDgB+ 39F3dQhisg0alhy06j0tUOQY5GT8g8RwQxv/JeJRCz2ftTXIAL0e4qW3QEJgE2+lhN fNActxmOTn25JrQGSZurHR1tEFAx04L1Ok/P1mOQ=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1379439812; i=@elandsys.com; bh=DzO3c2XE1BWAUjnXM2rGJUqfbc3Zdj7MwUXwwPZ0LnY=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=VPwI6jDIxxp62MU6ME4ESfUhSyac5Yp26paZtPbIitGnDsZ65kmP9nJZO6N3lHSF9 1vDYEUK3CQUzSM2mFq+LMZYMg6AbzXD71Lj3Z2uCe+phw4mn6lWBczomoabZRv8sUK Hq6FQWCwEC08/S/8Ui5gc48w18oZ++udH+fQmmjQ=
Message-Id: <6.2.5.6.2.20130917084141.0e3918e8@elandnews.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Tue, 17 Sep 2013 10:42:23 -0700
To: mohamed.boucadair@orange.com
From: S Moonesamy <sm+ietf@elandsys.com>
In-Reply-To: <94C682931C08B048B7A8645303FDC9F36EF1241331@PUEXCB1B.nanter re.francetelecom.fr>
References: <6.2.5.6.2.20130914080154.0bbdf140@elandnews.com> <94C682931C08B048B7A8645303FDC9F36EF1241331@PUEXCB1B.nanterre.francetelecom.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: ietf-privacy@ietf.org
Subject: Re: [ietf-privacy] Privacy and Identifiers - draft-moonesamy-privacy-identifiers-01
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2013 17:43:39 -0000
Hi Med, At 04:56 17-09-2013, mohamed.boucadair@orange.com wrote: >One comment I have when reading this reco from your draft: > > It is recommended that an identifier be used at the layer at which > its functionality is necessary for communication to be > established. > >is, from a privacy perspective, there is no justification for it. If >the information is present in the packet, does it really matter if >it is used in other layers? Why reusing that info will impact the >privacy? Take the example of TCP that use the IP address for the >pseudo header checksum, SIP, SDP, etc. If you have in mind >particular identifiers, it would be valuable to explicit them rather >than having a generic statement. The problem is secondary use (see RFC 6973 Section 5.2.3) and consent [1]. The draft argues that consent is implicit if the information is necessary for communication. If it is necessary to send out the IP address in the TCP session, that does not mean that the protocol at a higher layer can take it and put it in a header field. As an example, please see Section 8.2 and 8.2 of draft-ietf-appsawg-http-forwarded-10. From a privacy perspective I can find out your approximate location the source IP address used for your SIP call. There are times when that can be embarrassing, e.g. you told your manager that you are calling from work while the source IP address points to another location. Let's say that we have to document the privacy implications in our document. The reuse cases will be more work for us as we have to think of more possibilities. The way to avoid that is apply some form of layering when we tackle privacy. The examples in Section 4 (of the draft) were chosen as the related specifications explain what these identifiers are above. There isn't any explanation in plain English for identifiers used in other specifications. I could take the RFC 6973 approach and write a long document. My guess is that people won't read it. :-) The approach I adopted was to keep it simple. A generic statement can be argued both ways. For example, you can argue that the identifier is necessary at the higher layer without having to ask the user for consent. I used "recommendation" instead of "requirement" so as not to impose constraints. >If we take the example of an IP address as an identifier, even if it >is revealed in various layers, this does not mean that one single >individual/user is associated with that identifier. Take the example >of multiple machines behind the same CPE, or multiple subscribers >behind the same CGN, etc. Nevertheless: >* the configuration of a browser may be used easily to track user >(e.g., https://panopticlick.eff.org/) >* some application headers (e.g., referer) may contribute to ease >the correlation between many pieces of information (e.g., a web >email account and a social networking account for instance) > >Discussing issues related to correlating information leaked by >applications would be useful to record in this document. I commented about a draft recently (see http://www.ietf.org/mail-archive/web/homenet/current/msg03100.html ). In a NAT scenario we cannot say that there is only one person behind the CPE. The same applies to CGN. In an IPv6 scenario we can narrow down (or might assume) that it is one person or device using the IPv6 address. When the legislator writes the law the questions that he or she will ask is: (a) Does the IP address identify one person? (b) Does the IP address identify the location from which the call was made? Note that there is some ambiguity in the questions. The legislator would like to have easy answers. This is where someone explains that the IP address can be used to identify the person. For (b) the explanation might be that the IP address can be used to identify the location. It can be lead to events such as http://www.tmz.com/2013/04/05/selena-gomez-swatted/ The browser sends a lot of information (re. the link you provided). There are already some good questions in RFC 6973. I chose not to discuss it in the draft to keep the discussion simple. What I would like to see, for example, is what you did. You mentioned that correlation can be a problem and you thought about some other problems. I don't have the answers. However, it is a step forward if you and I can talk about privacy and try and understand how the identifiers can be used. Regards, S. Moonesamy 1. http://www.cnil.fr/les-themes/internet-telephonie/fiche-pratique/article/ce-que-le-paquet-telecom-change-pour-les-cookies/
- [ietf-privacy] Privacy and Identifiers - draft-mo… S Moonesamy
- Re: [ietf-privacy] Privacy and Identifiers - draf… mohamed.boucadair
- Re: [ietf-privacy] Privacy and Identifiers - draf… S Moonesamy
- Re: [ietf-privacy] Privacy and Identifiers - draf… Avri Doria