Re: [ietf-privacy] [perpass] New Version Notification for draft-cooper-ietf-privacy-requirements-00.txt
Alissa Cooper <acooper@cdt.org> Mon, 23 September 2013 14:32 UTC
Return-Path: <acooper@cdt.org>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7257411E8182; Mon, 23 Sep 2013 07:32:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.052
X-Spam-Level:
X-Spam-Status: No, score=-102.052 tagged_above=-999 required=5 tests=[AWL=0.547, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rtkoVGPBz7+7; Mon, 23 Sep 2013 07:32:49 -0700 (PDT)
Received: from mail.maclaboratory.net (mail.maclaboratory.net [209.190.215.232]) by ietfa.amsl.com (Postfix) with ESMTP id 77E7411E80DF; Mon, 23 Sep 2013 07:32:48 -0700 (PDT)
X-Footer: Y2R0Lm9yZw==
Received: from localhost ([127.0.0.1]) by mail.maclaboratory.net (using TLSv1/SSLv3 with cipher AES128-SHA (128 bits)); Mon, 23 Sep 2013 10:32:47 -0400
Content-Type: multipart/signed; boundary="Apple-Mail=_B350BDE5-C411-4894-A48F-18E5FDB121ED"; protocol="application/pgp-signature"; micalg="pgp-sha1"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Alissa Cooper <acooper@cdt.org>
In-Reply-To: <8E31A51D-6452-4A82-9FA6-3EBA26628416@tik.ee.ethz.ch>
Date: Mon, 23 Sep 2013 10:32:49 -0400
Message-Id: <CBFDAFB3-27C1-477A-804A-74DB6DB17EAE@cdt.org>
References: <20130920162352.23295.48024.idtracker@ietfa.amsl.com> <523C79A8.5050902@cs.tcd.ie> <8E31A51D-6452-4A82-9FA6-3EBA26628416@tik.ee.ethz.ch>
To: Brian Trammell <trammell@tik.ee.ethz.ch>
X-Mailer: Apple Mail (2.1499)
Cc: ietf-privacy@ietf.org, perpass <perpass@ietf.org>
Subject: Re: [ietf-privacy] [perpass] New Version Notification for draft-cooper-ietf-privacy-requirements-00.txt
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2013 14:32:54 -0000
Hi Brian, Thanks for your comments. On Sep 23, 2013, at 3:40 AM, Brian Trammell <trammell@tik.ee.ethz.ch> wrote: > hi Stephen, all, > > (copying ietf-privacy as requested in the draft) > > I've read the draft; it's a very good and welcome start at extending 6973 to a set of concrete recommendations for protocol design. I've got one comment on opportunistic encryption, though: > > In section 3, halfway down the page: "...at minimum, opportunistic encryption needs to be well-defined for almost all new IETF standards track protocols." > > I understand the rationale behind that "almost", but the lines around it will need to be very clearly drawn. On brief consideration, I cannot think of a single _new_ protocol for which opportunistic encryption shouldn't be the default, for reasons other than interoperability with an existing protocol that has a significant installed base. Even in such cases, I think it would be useful to be very clear that communication in the clear for interoperability is an exception, a "legacy" mode, "to be deprecated", or other not-very-happy-sounding words that mean "we realize we're stuck with it in this case but that's really no excuse." I have not been super comfortable with the "almost" either. I've been thinking instead of something like: "As a consequence, at minimum, opportunistic encryption needs to be well-defined for new IETF standards track protocols. This requirement may be waved only in exceptional circumstances where the protocol's utility would be eliminated or severely diminished if opportunistic encryption were defined." > > The information radiated even from protocols which have no obvious connection with personal data can be correlated with other information which can paint a very rich behavioral picture, that only takes one unprotected link in the chain to associate with an identity. Opportunistic encryption everywhere reduces the content of this radiated information, as well as reducing the risk of unprotected links holding some associable identifier. So exceptions will have to be very well justified if an aim of this work is protection of privacy against pervasive surveillance. I'm not ready to ink this on my skin, but it does seem like good text to add to the document, with minimal tweaks. :) Alissa > > Cheers, > > Brian > > On Sep 20, 2013, at 6:36 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > >> >> FYI. Comments welcome. >> >> S. >> >> >> -------- Original Message -------- >> Subject: New Version Notification for >> draft-cooper-ietf-privacy-requirements-00.txt >> Date: Fri, 20 Sep 2013 09:23:52 -0700 >> From: internet-drafts@ietf.org >> To: Alissa Cooper <acooper@cdt.org>, Sean Turner <turners@ieca.com>, >> Stephen Farrell <stephen.farrell@cs.tcd.ie> >> >> >> A new version of I-D, draft-cooper-ietf-privacy-requirements-00.txt >> has been successfully submitted by Alissa Cooper and posted to the >> IETF repository. >> >> Filename: draft-cooper-ietf-privacy-requirements >> Revision: 00 >> Title: Privacy Requirements for IETF Protocols >> Creation date: 2013-09-20 >> Group: Individual Submission >> Number of pages: 11 >> URL: >> http://www.ietf.org/internet-drafts/draft-cooper-ietf-privacy-requirements-00.txt >> Status: >> http://datatracker.ietf.org/doc/draft-cooper-ietf-privacy-requirements >> Htmlized: >> http://tools.ietf.org/html/draft-cooper-ietf-privacy-requirements-00 >> >> >> Abstract: >> It is the consensus of the IETF that IETF protocols be designed to >> avoid privacy violations to the extent possible. This document >> establishes a number of protocol design choices as Best Current >> Practices for the purpose of avoiding such violations. >> >> >> >> >> >> Please note that it may take a couple of minutes from the time of submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> The IETF Secretariat >> >> >> >> _______________________________________________ >> perpass mailing list >> perpass@ietf.org >> https://www.ietf.org/mailman/listinfo/perpass > > _______________________________________________ > perpass mailing list > perpass@ietf.org > https://www.ietf.org/mailman/listinfo/perpass
- [ietf-privacy] Fwd: New Version Notification for … Stephen Farrell
- Re: [ietf-privacy] Fwd: New Version Notification … SM
- Re: [ietf-privacy] Fwd: New Version Notification … Stephen Farrell
- Re: [ietf-privacy] New Version Notification for d… S Moonesamy
- Re: [ietf-privacy] [perpass] New Version Notifica… Brian Trammell
- Re: [ietf-privacy] [perpass] New Version Notifica… Robin Wilton
- Re: [ietf-privacy] [perpass] New Version Notifica… Stephen Farrell
- Re: [ietf-privacy] [perpass] New Version Notifica… Alissa Cooper
- Re: [ietf-privacy] [perpass] New Version Notifica… Brian Trammell
- Re: [ietf-privacy] [perpass] New Version Notifica… Stephen Farrell
- Re: [ietf-privacy] New Version Notification for d… Avri Doria
- Re: [ietf-privacy] New Version Notification for d… Scott Brim
- Re: [ietf-privacy] New Version Notification for d… Stephen Farrell