IETF Logo Mail Archive

Re: [ietf-privacy] [perpass] New Version Notification for draft-cooper-ietf-privacy-requirements-00.txt

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 24 September 2013 08:26 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F064E21F9D0A; Tue, 24 Sep 2013 01:26:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.856
X-Spam-Level:
X-Spam-Status: No, score=-102.856 tagged_above=-999 required=5 tests=[AWL=-0.257, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rXSfx1+YGMum; Tue, 24 Sep 2013 01:26:06 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 9139B21F92B8; Tue, 24 Sep 2013 01:26:04 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 86AFBBE74; Tue, 24 Sep 2013 09:26:00 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id klAqYHtmYTNK; Tue, 24 Sep 2013 09:26:00 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 609EDBE73; Tue, 24 Sep 2013 09:26:00 +0100 (IST)
Message-ID: <52414C98.1080506@cs.tcd.ie>
Date: Tue, 24 Sep 2013 09:26:00 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8
MIME-Version: 1.0
To: Karl Malbrain <karl@petzent.com>
References: <65EEC6E375AA474A847D510D5B7E837480F59A8F@mail2010>
In-Reply-To: <65EEC6E375AA474A847D510D5B7E837480F59A8F@mail2010>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "ietf-privacy@ietf.org" <ietf-privacy@ietf.org>, "perpass@ietf.org" <perpass@ietf.org>
Subject: Re: [ietf-privacy] [perpass] New Version Notification for draft-cooper-ietf-privacy-requirements-00.txt
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Sep 2013 08:26:12 -0000

Hi Karl,

On 09/23/2013 05:32 PM, Karl Malbrain wrote:
> 
> 
>> -----Original Message----- From: Stephen Farrell
>> [mailto:stephen.farrell@cs.tcd.ie] Sent: Friday, September 20, 2013
>> 12:09 To: Karl Malbrain Cc: acooper@cdt.org; perpass@ietf.org 
>> Subject: Re: [perpass] New Version Notification for
>> draft-cooper-ietf-privacy- requirements-00.txt
>> 
>> 
>> 
>> On 09/20/2013 07:50 PM, Karl Malbrain wrote:
>>> "Note that this is contingent on practicality - if some personal
>>> data really has to be sent in clear for a protocol to be able to
>>> operate, and even opportunistic encryption is not possible, then
>>> a standards- track protocol that does not define how to protect
>>> that data will be consistent with this BCP.  The IETF will have
>>> to decide in such cases whether standardizing that protocol
>>> benefits the Internet or not."
>>> 
>>> 
>>> 1. Is the value of a personal public key considered "personal
>>> data"? In TLS client authentication, these keys are requested.
>> 
>> I doubt there's any data-protection regulator views on that (TLS
>> client-auth being so rare on the public Internet) but basically,
>> I'd say yeah, its an identifier that generally won't change for
>> extended periods. That's one of the motivations for doing TLS 1.3 -
>> to hide such handshake data for example.
>> 
> 
> Apart from the desirability of encrypting the personal public key
> when it is sent (e.g. OE), is association with a person on a server
> of a hash of the public key for subsequent authentication purposes
> covered by this BCP?

Well, its not a BCP yet, its a proposal. But assuming for the
moment it became a BCP unchanged, then I'd say that the protocol
used to access a person's public key or public key hash from
such a server would be covered by the BCP yes.

>>> 2. Under the goal of MITM resistance, how can opportunistic
>>> encryption provide security without authentication? I think that
>>> an authentication layer on top of opportunistic encryption is
>>> required.
>> 
>> I disagree. "Security" is not a binary state of affairs. 
>> Opportunistic encryption without authentication can provide some
>> value, esp in this context where it forces a more active and
>> presumably expensive and more likely detected attack if you want to
>> pervasively monitor everyone.
> 
> I think that a security evaluation should be broken down into
> individual attributes, each of which can be evaluated yes/no.
> Resistance to MITM attack for example.  Resistance to passive
> surveillance is another attribute.

Yes, those are different things. And there can be a tension
between them.

S.

> 
> Karl Malbrain _______________________________________________ perpass
> mailing list perpass@ietf.org 
> https://www.ietf.org/mailman/listinfo/perpass
>

v2.23.0 | Report a Bug | By Email