Re: [ietf-privacy] [perpass] Wiki for managing PPM reviews of existing RFCs
Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 24 March 2014 15:03 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 633A71A01C7 for <ietf-privacy@ietfa.amsl.com>; Mon, 24 Mar 2014 08:03:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ik45SUCJK6OJ for <ietf-privacy@ietfa.amsl.com>; Mon, 24 Mar 2014 08:03:07 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id DC2AD1A0204 for <ietf-privacy@ietf.org>; Mon, 24 Mar 2014 08:03:06 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 494A9BE59; Mon, 24 Mar 2014 15:03:05 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lcy2UUdABtOu; Mon, 24 Mar 2014 15:03:05 +0000 (GMT)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id D43FCBE54; Mon, 24 Mar 2014 15:03:02 +0000 (GMT)
Message-ID: <53304926.2010309@cs.tcd.ie>
Date: Mon, 24 Mar 2014 15:03:02 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: "Horne, Rob" <rob.horne@trustis.com>, "ietf-privacy@ietf.org" <ietf-privacy@ietf.org>
References: <CAPv4CP9otoccFv9ARVHwqqF6nzKT-p7uDWF=ceCotiDCgL=rqA@mail.gmail.com> <201403241049032689006@cnnic.cn> <CAPv4CP_fdfp8i3rqP+C9DA=c=VKodsjDUo=GE-Ypm-dcf8OK9A@mail.gmail.com> <3547090b573548c78b61b1f9bc02c92c@THHSTE15D1BE5.hs20.net>
In-Reply-To: <3547090b573548c78b61b1f9bc02c92c@THHSTE15D1BE5.hs20.net>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-privacy/XmumTxrQcnPCaQj6ECnGv-u8Zd4
Subject: Re: [ietf-privacy] [perpass] Wiki for managing PPM reviews of existing RFCs
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Mar 2014 15:03:10 -0000
Hi Rob, On 03/24/2014 12:31 PM, Horne, Rob wrote: > Hi, I'm interested in reviewing RFCs so could someone tell me - or > point me in the direction of - what the goals are, how to conduct a > review and what exactly are we looking for? I guess you can infer most of that from threads on this and the perpass [1] mailing list, the notes from the Monday lunch [2] and the wiki [3]. But since that's a lot of putting stuff together, here's my quick summary: - The IETF are rightly putting some more focus on privacy both as a result of [4] and [5], but also because its the right thing to do - Part of that will involve figuring out how better to handle reviews of works-in-progress, e.g. via secdir and gen-art reviews, but that's not this activity (though will be informed by it) - Another part (initially suggested I think by Christian Huitema back in Vancouver) is reviewing existing RFCs and that is this bit - The goal of these reviews is to analyse those existing RFCs for privacy issues or issues related to pervasive monitoring and document those in some useful fashion - Ideally, that analysis might also suggest mitigations, some of which might be things one can do now, whilst others might be things that'd require changes to protocols, implementations or deployments - For the latter cases, we're not proposing to do everything now, but as and when protocols are revised (or if we find something startling) then we'd hope that revisions would take account of the analyses done here (and because [4] is now approved as a new BCP, that is not a forlorn hope:-) - In some cases, reviews will highlight privacy issues that might not be intrinsic to the protocol in the RFC, but that arise due to how that protocol is now deployed (which may be quite different from how that was initially envisaged to happen) - Writing up the analysis as an Internet-draft is a fine way to do that (so its archived etc.); there are a couple of examples in the tracker which should be useful help - Avri and Scott have been helping out with organising this and have put up the wiki at [1] - For people who want to review something - go pick a thing for which you think you're qualified to do a good review and ideally which you think is important and then... just do it - Its not a sin to find nothing nor to do an imperfect job, but the better the job done... the better the job done:-) - Make a ticket so's we don't waste effort having a few folks doing stuff and so we can keep track - I'd say maybe don't put in speculative tickets (e.g. meaning "someone, but not me, really ought review RFCxxxx"), but just add tickets for stuff you've done or are doing now or in the quite near future - Try get initial work done and visible by mid-May so we can see how we're doing and consider that before and during the July IETF Cheers, (and thanks all for doing stuff!), S. [1] http://www.ietf.org/mail-archive/web/perpass/current/maillist.html [2] http://www.ietf.org/mail-archive/web/perpass/current/msg01640.html [3] https://trac.tools.ietf.org/group/ppm-legacy-review/wiki [4] http://tools.ietf.org/html/draft-farrell-perpass-attack [5] http://tools.ietf.org/html/draft-barnes-pervasive-problem-00 > > > > Thanks, > > Rob > > > > > > > > > > From: ietf-privacy [mailto:ietf-privacy-bounces@ietf.org] On Behalf > Of Scott Brim Sent: 24 March 2014 12:23 To: yaojk Cc: > ietf-privacy@ietf.org; perpass Subject: Re: [ietf-privacy] [perpass] > Wiki for managing PPM reviews of existing RFCs > > > > > On Mar 23, 2014 10:49 PM, "Jiankang Yao" > <yaojk@cnnic.cn<mailto:yaojk@cnnic.cn>> wrote: >> since there are thousands of RFCs, it is better that they can be >> reviewd by category. for example, based on the following category: >> http://www.faqs.org/rfcs/np.html >> >> Jiankang Yao > > We want to make sure the essential RFCs are reviewed, and categories > are a good way to organize that if you know what categories to use. > We don't have enough experience yet to know what good categories > would be -- we don't know how many reviewers we will have our their > interest areas. To start with let's just get everyone doing reviews. > We can organize them later, once we get over a hundred. > > Thanks... Scott > > > > > _______________________________________________ ietf-privacy mailing > list ietf-privacy@ietf.org > https://www.ietf.org/mailman/listinfo/ietf-privacy >
- [ietf-privacy] Wiki for managing PPM reviews of e… Scott Brim
- Re: [ietf-privacy] Wiki for managing PPM reviews … Christian Huitema
- Re: [ietf-privacy] Wiki for managing PPM reviews … Avri Doria
- Re: [ietf-privacy] Wiki for managing PPM reviews … Christian Huitema
- Re: [ietf-privacy] [perpass] Wiki for managing PP… Jiankang Yao
- Re: [ietf-privacy] Wiki for managing PPM reviews … Stephane Bortzmeyer
- Re: [ietf-privacy] [perpass] Wiki for managing PP… Stephen Farrell
- Re: [ietf-privacy] Wiki for managing PPM reviews … Stephane Bortzmeyer
- Re: [ietf-privacy] Wiki for managing PPM reviews … Scott Brim
- Re: [ietf-privacy] [perpass] Wiki for managing PP… Scott Brim
- Re: [ietf-privacy] Wiki for managing PPM reviews … Scott Brim
- Re: [ietf-privacy] [perpass] Wiki for managing PP… Horne, Rob
- Re: [ietf-privacy] Wiki for managing PPM reviews … Scott Brim
- Re: [ietf-privacy] Wiki for managing PPM reviews … Stephane Bortzmeyer
- Re: [ietf-privacy] [perpass] Wiki for managing PP… Stephen Farrell
- Re: [ietf-privacy] [perpass] Wiki for managing PP… Horne, Rob
- Re: [ietf-privacy] [perpass] Wiki for managing PP… Scott Brim