Re: [ietf-privacy] Is there an official working definition for Privacy Online?

Alissa Cooper <> Thu, 05 May 2016 15:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C83FA12D9F8 for <>; Thu, 5 May 2016 08:00:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key) header.b=d+qczziD; dkim=pass (1024-bit key) header.b=GzEoyLOY
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id MRK3e1XSoBYn for <>; Thu, 5 May 2016 08:00:16 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2369312DA53 for <>; Thu, 5 May 2016 07:53:26 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal []) by mailout.nyi.internal (Postfix) with ESMTP id 7F9A220718 for <>; Thu, 5 May 2016 10:53:25 -0400 (EDT)
Received: from frontend1 ([]) by compute2.internal (MEProxy); Thu, 05 May 2016 10:53:25 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=I/AaBEY6At2l0WokAaN7/8HU0YM=; b=d+qczz iDnVwTPv9ffF0GluYkmh8TX3pZM6zQYe/hHM1YrGr/ZEZE6pUy6fkOmW76oL1dXR GhWQxYKlzAHgrq5tOaX/JLdiAaQMn6xVPnuUj1wrWYA+SfZkER6DNctEuqqxstdG emYMJfhzyjo3F+YUwm/XLyAiTtXlMq+snWioM=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=I/AaBEY6At2l0Wo kAaN7/8HU0YM=; b=GzEoyLOYWSlQmsMdCp47GH03XdodSs9nzbFu6pQFdk27noH CWrqNjxLUUzH5pwEcar1xmZONX2fLQ5qNXEO9gXKCJw1pDMaiqfcUH3eAVLfw5Pn CbGmFQdZnobn3OniIHB9+d6ct6g6MKxILktXP5sJaxFrFy/24O3qEfF4KNmU=
X-Sasl-enc: syNRgctDiPX4+Un45W7F4F+kbwZBYUZHmqDkolNVsx4Y 1462460005
Received: from (unknown []) by (Postfix) with ESMTPA id A290DC00027; Thu, 5 May 2016 10:53:24 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Alissa Cooper <>
In-Reply-To: <029801d1a4b9$c3b57850$4b2068f0$>
Date: Thu, 05 May 2016 07:53:23 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <> <> <> <015a01d0798d$509954c0$f1cbfe40$> <> <> <029801d1a4b9$c3b57850$4b2068f0$>
To: Christian Huitema <>
X-Mailer: Apple Mail (2.3124)
Archived-At: <>
Cc:,, Josh Howlett <>
Subject: Re: [ietf-privacy] Is there an official working definition for Privacy Online?
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Internet Privacy Discussion List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 05 May 2016 15:00:18 -0000

> On May 2, 2016, at 2:29 PM, Christian Huitema <> wrote:
> On Sunday, May 1, 2016 4:12 PM, Dave Crocker wrote:
>> If the term is to be a non-technical and vague reference, then let's stop
> using it
>> as if it were a technical term.  Philosophical, academic and social terms
> are
>> fine; the problem is when we use them as if they pertained to technical
>> specifics.
> Well, we do use the term "security" liberally, don't we? It is certainly
> just as vague, but it is useful as a section header. It encourages protocol
> designers to be concerned with the broad issue of security attacks. I think
> that we have consensus that protocol designers should also be concerned with
> the broad issue of privacy attacks.

+1. If people want to consider privacy as a heading under which we group a bunch of different kinds of attacks, that works perfectly well I think.

Rather than spending a lot of time to try to find a magical two-sentence definition that everyone can agree on (which I doubt is feasible), I think the time would be better spent on refining how we define the set of attacks and mitigations against them, building on or fixing what’s in RFC 6973, possibly turning bits of that into a BCP, etc. The two sentences will not be directly actionable no matter what they say, whereas a comprehensive threat model and mitigations suite could be.


>> If we intend the term to have technical utility, it's needs precise and
> useful
>> definition.
> It took some time to establish categories for security attacks -- denial of
> service, information disclosure, spoofing, elevation of privilege, etc. The
> analysis of privacy attacks is not quite as advanced, but we start getting
> broad categories, such as disclosure of the exchanged data, disclosure of
> metadata, linkability of different activities, and disclosure of traffic
> patterns. As we gain more experience, I expect that these categories will
> stabilize.
> -- Christian Huitema
> _______________________________________________
> ietf-privacy mailing list