Re: [ietf-privacy] [perpass] Wiki for managing PPM reviews of existing RFCs

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 24 March 2014 15:03 UTC


Hi Rob,

On 03/24/2014 12:31 PM, Horne, Rob wrote:
> Hi, I'm interested in reviewing RFCs so could someone tell me - or
> point me in the direction of - what the goals are, how to conduct a
> review and what exactly are we looking for?

I guess you can infer most of that from threads on this and the
perpass [1] mailing list, the notes from the Monday lunch [2]
and the wiki [3].

But since that's a lot of putting stuff together, here's my quick
summary:

- The IETF are rightly putting some more focus on privacy both
as a result of [4] and [5], but also because it's the right thing
to do
- Part of that will involve figuring out how better to handle
reviews of works-in-progress, e.g. via secdir and gen-art reviews,
but that's not this activity (though will be informed by it)
- Another part (initially suggested I think by Christian Huitema
back in Vancouver) is reviewing existing RFCs and that is this
bit
- The goal of these reviews is to analyse those existing RFCs
for privacy issues or issues related to pervasive monitoring
and document those in some useful fashion
- Ideally, that analysis might also suggest mitigations, some
of which might be things one can do now, whilst others might
be things that'd require changes to protocols, implementations
or deployments
- For the latter cases, we're not proposing to do everything
now, but as and when protocols are revised (or if we find
something startling) then we'd hope that revisions would take
account of the analyses done here (and because [4] is now
approved as a new BCP, that is not a forlorn hope:-)
- In some cases, reviews will highlight privacy issues that
might not be intrinsic to the protocol in the RFC, but that
arise due to how that protocol is now deployed (which may be
quite different from how that was initially envisaged to
happen)
- Writing up the analysis as an Internet-draft is a fine
way to do that (so it's archived etc.); there are a couple
of examples in the tracker which should be useful help
- Avri and Scott have been helping out with organising this and
have put up the wiki at [1]
- For people who want to review something - go pick a thing for
which you think you're qualified to do a good review and ideally
which you think is important and then... just do it
- It's not a sin to find nothing nor to do an imperfect job, but
the better the job done... the better the job done:-)
- Make a ticket so's we don't waste effort having a few folks
doing stuff and so we can keep track
- I'd say maybe don't put in speculative tickets (e.g. meaning
"someone, but not me, really ought review RFCxxxx"), but just
add tickets for stuff you've done or are doing now or in the
quite near future
- Try get initial work done and visible by mid-May so we can
see how we're doing and consider that before and during the
July IETF

Cheers, (and thanks all for doing stuff!),
S.


[1] http://www.ietf.org/mail-archive/web/perpass/current/maillist.html
[2] http://www.ietf.org/mail-archive/web/perpass/current/msg01640.html
[3] https://trac.tools.ietf.org/group/ppm-legacy-review/wiki
[4] http://tools.ietf.org/html/draft-farrell-perpass-attack
[5] http://tools.ietf.org/html/draft-barnes-pervasive-problem-00


>
> Thanks,
>
> Rob
>
> From: ietf-privacy [mailto:ietf-privacy-bounces@ietf.org] On Behalf Of Scott Brim
> Sent: 24 March 2014 12:23
> To: yaojk
> Cc: ietf-privacy@ietf.org; perpass
> Subject: Re: [ietf-privacy] [perpass] Wiki for managing PPM reviews of existing RFCs
>
> On Mar 23, 2014 10:49 PM, "Jiankang Yao" <yaojk@cnnic.cn> wrote:
>> since there are thousands of RFCs, it is better that they can be
>> reviewed by category. for example, based on the following category:
>> http://www.faqs.org/rfcs/np.html
>> 
>> Jiankang Yao
> 
> We want to make sure the essential RFCs are reviewed, and categories
> are a good way to organize that if you know what categories to use.
> We don't have enough experience yet to know what good categories
> would be -- we don't know how many reviewers we will have or their
> interest areas. To start with let's just get everyone doing reviews.
> We can organize them later, once we get over a hundred.
> 
> Thanks... Scott