Re: [ietf-privacy] Reply: Re: Reply: RE: anonymity definition in "draft-hansen-privacy-terminology-03"

Klaas Wierenga <klaas@wierenga.net> Sat, 25 February 2012 17:43 UTC

From: Klaas Wierenga <klaas@wierenga.net>
Date: Sat, 25 Feb 2012 18:43:21 +0100
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: "ietf-privacy@ietf.org" <ietf-privacy@ietf.org>

In the meanwhile perhaps worth looking at http://www.eduroam.org/downloads/docs/GN2-08-243-DJ5-4-1-2_Advanced_Technologies_Overview_Second_Edition_20090204080004.pdf section 2.2 on the use of pseudonyms in the Chargeable User Identifier attribute.

Klaas

Sent from my iPad

On 25 feb. 2012, at 18:24, Klaas Wierenga <klaas@wierenga.net> wrote:

> Fwiw, I have agreed with Stefan Winter and Tomasz Wolniewicz to write an informational draft on the design of eduroam, including how logging is handled using pseudonymous identifiers, now if only we manage to find some time to write it up.....
> 
> Klaas
> 
> Sent from my iPad
> 
> On 25 feb. 2012, at 14:07, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
>> 
>> Well, regardless of venue, seeing a few drafts
>> that showed us good ways to handle privacy in IETF
>> protocols would be useful IMO.
>> 
>> For example, the IESG recently reviewed the SIP
>> common log format. [1] As part of the review I asked
>> if the WG had considered privacy and the answer was
>> essentially no and nor had they thought about any
>> privacy-friendly ways to handle identifiers in
>> log files that might be exchanged between domains.
>> 
>> It'd have been great to be able to say "go look
>> at RFC xxxx where it shows you ten possible ways
>> to do that."
>> 
>> S
>> 
>> [1] http://datatracker.ietf.org/doc/draft-ietf-sipclf-problem-statement/
>> 
>> 
>> On 02/24/2012 10:33 PM, David Chadwick wrote:
>>> Hi Klaas
>>> 
>>> I agree with you. It might be that IRTF is more appropriate for some work
>>> items, but this is something the ADs can decide
>>> 
>>> regards
>>> 
>>> David
>>> 
>>> On 24/02/2012 18:56, Klaas Wierenga wrote:
>>>> Hi Hannes,
>>>> 
>>>> Perhaps I am mistaken, but it seems that there is a bit too much
>>>> focus on what is possible with *today's* technology. I would rather
>>>> like to focus on properties we would *like* to see, and possibly work
>>>> on those in the IETF (but most likely other fora).... But still that
>>>> is probably not for a terminology document, but I do think we need to
>>>> be able to express all desirable properties using the terms from the
>>>> terminology document.
>>>> 
>>>> Klaas
>>>> 
>>>> Sent from my iPad
>>>> 
>>>> On 24 feb. 2012, at 19:47, Hannes
>>>> Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>>> 
>>>>> Hi David,
>>>>> 
>>>>> this specific case seems to have pretty tough privacy requirements:
>>>>> you want to avoid having relying parties to know who the identity
>>>>> providers are AND also want to avoid letting identity providers
>>>>> know which relying parties data subjects talk to AND finally you
>>>>> want to avoid collusion among relying parties to learn more about
>>>>> data subjects.
>>>>> 
>>>>> It is interesting to see how a set of privacy requirements produce
>>>>> a system that has questionable privacy properties...
>>>>> 
>>>>> Ciao Hannes
>>>>> 
>>>>> PS: Whenever one talks about trust it is useful to mention 'who is
>>>>> trusted by whom to do what'.
>>>>> 
>>>>> On Feb 22, 2012, at 12:37 AM, David Chadwick wrote:
>>>>> 
>>>>>> 
>>>>>> 
>>>>>> On 20/02/2012 17:16, Rhys Smith wrote:
>>>>>>> On 15 Feb 2012, at 06:06, zhou.sujing@zte.com.cn
>>>>>>> <mailto:zhou.sujing@zte.com.cn> wrote:
>>>>>>> 
>>>>>>>>> Well, even more, the idp should not know at all which rp I
>>>>>>>>> talk to in the first place.
>>>>>>>> 
>>>>>>>> It is a strong privacy requirement. I doubt solutions in ABFAB
>>>>>>>> can provide this feature.
>>>>>>> 
>>>>>>> Yes, ABFAB cannot do this natively.
>>>>>>> 
>>>>>>> Though there are always ways around this. SAML cannot do this
>>>>>>> natively either, but the Cabinet Office (UK government) is in
>>>>>>> the middle of setting up a national federated infrastructure
>>>>>>> with exactly this property, which it achieves by having a
>>>>>>> gateway in the middle which mediates all traffic.
>>>>>> 
>>>>>> Hmmm. The design of this is very questionable (and opaque). Full
>>>>>> trust must be given to the gateway, without any assurance that it
>>>>>> is trustworthy. It is not even mentioned in the trust assurance
>>>>>> document.
>>>>>> 
>>>>>> regards
>>>>>> 
>>>>>> David
>>>>>> 
>>>>>>> 
>>>>>>> Note that this privacy requirement may well be asymmetric -
>>>>>>> there may be a difference between the IdP not being able to
>>>>>>> know about which RP the user is using, and the RP not knowing
>>>>>>> which IdP the user came from...
>>>>>>> 
>>>>>>> R. -- Dr Rhys Smith Identity, Access, and Middleware
>>>>>>> Specialist Cardiff University & Janet - the UK's education and
>>>>>>> research network
>>>>>>> 
>>>>>>> email: smith@cardiff.ac.uk <mailto:smith@cardiff.ac.uk> /
>>>>>>> rhys.smith@ja.net <mailto:rhys.smith@ja.net> GPG: 0xDE2F024C
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> _______________________________________________ ietf-privacy
>>>>>>> mailing list ietf-privacy@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/ietf-privacy
>>>>>> 
>>>>>> --
>>>>>> 
>>>>>> *****************************************************************
>>>>>> 
>>>>>> 
>>>>>> David W. Chadwick, BSc PhD
>>>>>> Professor of Information Systems Security School of Computing,
>>>>>> University of Kent, Canterbury, CT2 7NF Skype Name:
>>>>>> davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile:
>>>>>> +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page:
>>>>>> http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research
>>>>>> Web site:
>>>>>> http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust
>>>>>> key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
>>>>>> 
>>>>>> *****************************************************************
>>>>>> 
>>>>>> 
>>>> 
>>>
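
The thread asks for privacy-friendly ways to handle identifiers in log files exchanged between domains, and for limiting what colluding relying parties can learn about a data subject. One such way is sketched here as an added example; it is not from any of the posters and is not the eduroam or Chargeable User Identifier specification. It derives a keyed pseudonym per receiving domain, so an identifier is stable inside one recipient's log but cannot be joined across recipients. The key, domain names, log format and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key; in practice this stays secret inside the home domain.
HOME_KEY = b"constructed-demo-key-not-for-production"

def pseudonym(key: bytes, user: str, recipient: str) -> str:
    """Stable per-recipient pseudonym: HMAC-SHA256(key, recipient NUL user)."""
    msg = recipient.lower().encode() + b"\x00" + user.lower().encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]

def export_log(lines, key, recipient):
    """Rewrite 'timestamp user event' lines before hand-off to `recipient`."""
    out = []
    for line in lines:
        ts, user, event = line.split(" ", 2)
        out.append(f"{ts} {pseudonym(key, user, recipient)} {event}")
    return out

def linkable(log_a, log_b):
    """Identifiers present in both logs: what two colluding recipients could join on."""
    ids = lambda log: {entry.split(" ", 2)[1] for entry in log}
    return ids(log_a) & ids(log_b)

def resolve(key, users, recipient, reported):
    """Home domain maps a reported pseudonym back to a user, e.g. for abuse handling."""
    for user in users:
        if hmac.compare_digest(pseudonym(key, user, recipient), reported):
            return user
    return None

# Constructed sample log lines (hypothetical format: timestamp, user, event).
SAMPLE_LOG = [
    "2012-02-25T17:43:21Z alice@home.example auth-accept",
    "2012-02-25T17:44:02Z bob@home.example auth-reject",
    "2012-02-25T18:01:10Z alice@home.example auth-accept",
]

if __name__ == "__main__":
    log_a = export_log(SAMPLE_LOG, HOME_KEY, "visited-a.example")
    log_b = export_log(SAMPLE_LOG, HOME_KEY, "visited-b.example")
    print(*log_a, sep="\n")
    print("joinable when exported raw:", linkable(SAMPLE_LOG, SAMPLE_LOG))
    print("joinable after pseudonymisation:", linkable(log_a, log_b))
```

Only the holder of the key can map a pseudonym back to a user, which keeps abuse reports actionable for the home domain without exposing the real identifier to recipients.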