Re: [ietf-privacy] [Tzdist] [saag] Fwd: WGLC for draft-ietf-tzdist-service-05

Paul Eggert <eggert@cs.ucla.edu> Sat, 31 January 2015 00:54 UTC

Message-ID: <54CC27A1.8000308@cs.ucla.edu>
Date: Fri, 30 Jan 2015 16:53:53 -0800
From: Paul Eggert <eggert@cs.ucla.edu>
Organization: UCLA Computer Science Department
To: Cyrus Daboo <cyrus@daboo.name>
References: <CADZyTkkLu6qQ9LCqDkTHA9o+-YVvQuaUp33kqkAt=PRaQS-Jew@mail.gmail.com> <CADZyTkkCrvTam_ba7Tq6A-cHAVZn+ktKqwWsr_PNQaz2jyTkUQ@mail.gmail.com> <874mr9aucv.fsf@alice.fifthhorseman.net> <54CB15AB.40400@cisco.com> <54CB2D4F.7050302@cisco.com> <7C672BF606D0621F4E873E1C@cyrus.local>
In-Reply-To: <7C672BF606D0621F4E873E1C@cyrus.local>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf-privacy/XjVdLc02Db6wXEK8RbbiCO5HEZg>
Cc: ietf-privacy@ietf.org, Time Zone Data Distribution Service <tzdist@ietf.org>, Daniel Migault <mglt.ietf@gmail.com>

Cyrus Daboo wrote:
> I will try and propose some text for a Privacy Considerations section

Although we will need such a section, the tzdist privacy issues dkg raised 
shouldn't be addressed merely by adding a section that says in essence, "yes, 
admittedly tzdist's privacy stinks, but at least we've clearly documented that 
it stinks".  Let's instead use his helpful review to adjust the protocol so that 
it better preserves privacy.

Doing that will take some work, but it's doable.  Here are a couple of thoughts 
in that direction.

First, we can prevent servers from tracking users via ETag or steganographic 
data by requiring standard ETags (e.g., "tz2015a") and normalized data.  Yes, 
this is a bit harder to implement on the server side, but it's not *that* hard, 
and it does prevent this privacy abuse.

Second, we can prevent tracking users via query parameters by making the typical 
query be simply "Give me everything", thus avoiding the parameters.  As the 
entire tz database can be communicated in 25 kB in compressed format, this will 
be reasonably efficient (when combined with standard ETags) and will better 
preserve privacy.  Yes, this also requires more work (on both client and server 
side), but it's not that much work, and if we really want privacy it should be 
work we're willing to do.
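An added illustration of the two points above (standard ETags plus normalized data, and a parameter-free "give me everything" fetch), written for this archive page; it is not code from Paul's message, from dkg's review, or from the tzdist specification. It assumes a strong ETag of the form "tz2015a" as in the message, and a hypothetical JSON body for the "everything" response whose field names and values are constructed here for the example. The checks show how a client can tell a server that echoes back a per-client identifier in the ETag or in the byte layout of an otherwise identical response from one that serves the canonical form.

```python
import json
import re
from typing import Dict, List, Tuple

# Assumption: a standard ETag is the quoted tz release name, e.g. "tz2015a"
# (the form Paul suggests), with no suffix that could encode a client identity.
STANDARD_ETAG = re.compile(r'^"tz\d{4}[a-z]{1,2}"$')

# Constructed sample data for the "give me everything" response; the field
# names are hypothetical and do not define the real tzdist wire format.
TZ_DATA = {
    "release": "tz2015a",
    "timezones": [
        {"tzid": "America/Los_Angeles", "last-modified": "2015-01-30T00:00:00Z"},
        {"tzid": "Europe/London", "last-modified": "2015-01-30T00:00:00Z"},
    ],
}


def canonical_json(obj) -> bytes:
    """One fixed serialization: sorted keys, no insignificant whitespace, ASCII only.
    Two servers (or one server talking to two clients) serving the same data
    must produce byte-identical output, which leaves no room for steganography."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=True).encode("ascii")


def etag_is_standard(etag: str) -> bool:
    return STANDARD_ETAG.fullmatch(etag) is not None


def body_is_normalized(body: bytes) -> bool:
    """True iff the body is exactly its own canonical re-serialization."""
    try:
        return canonical_json(json.loads(body)) == body
    except ValueError:
        return False


def check_response(headers: Dict[str, str], body: bytes) -> List[str]:
    """Client-side privacy check: flag any channel a server could use to mark
    this client's copy of the data. Returns a list of problems (empty = clean)."""
    problems = []
    etag = headers.get("ETag")
    if etag is None or not etag_is_standard(etag):
        problems.append("non-standard ETag %r could carry a per-client identifier" % etag)
    if not body_is_normalized(body):
        problems.append("body is not canonical; whitespace or key order could carry a per-client identifier")
    return problems


def build_full_fetch(cached_etag: str = None) -> Tuple[str, str, Dict[str, str]]:
    """The privacy-preserving request shape: always ask for everything, with no
    query parameters, and revalidate only via the standard ETag.
    The path is an assumption for the example."""
    headers = {}
    if cached_etag is not None and etag_is_standard(cached_etag):
        headers["If-None-Match"] = cached_etag
    return ("GET", "/tzdist/all", headers)


def honest_server_response() -> Tuple[Dict[str, str], bytes]:
    """Server that follows the proposal: standard ETag, canonical body."""
    return ({"ETag": '"tz2015a"'}, canonical_json(TZ_DATA))


def tracking_server_response(client_id: int) -> Tuple[Dict[str, str], bytes]:
    """Server that abuses the protocol: the data is semantically identical for
    every client, but the ETag suffix and the byte layout (indentation, key
    order) differ per client and survive caching as a tracking mark."""
    etag = '"tz2015a-%06x"' % client_id
    body = json.dumps(TZ_DATA, indent=1 + client_id % 3).encode("ascii")
    return ({"ETag": etag}, body)


def same_data(body_a: bytes, body_b: bytes) -> bool:
    """The tracking server's trick is invisible at the data level."""
    return json.loads(body_a) == json.loads(body_b)


if __name__ == "__main__":
    honest = honest_server_response()
    tracker = tracking_server_response(0x8F3A2C)
    print("honest:", check_response(*honest))        # []
    print("tracker:", check_response(*tracker))      # two problems
    print("same data:", same_data(honest[1], tracker[1]))  # True
    print(build_full_fetch(honest[0]["ETag"]))
```

The two checks are only as good as the canonical form they compare against: for the real tzdist payloads (a timezone list and VTIMEZONE data) the spec would have to pin down one normalized serialization, which is the "harder to implement on the server side" cost Paul refers to. Without that, a client has no way to distinguish a legitimately reformatted response from a marked one.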