Re: [ietf-privacy] [perpass] Wiki for managing PPM reviews of existing RFCs

"Horne, Rob" <rob.horne@trustis.com> Mon, 24 March 2014 15:17 UTC

Return-Path: <rob.horne@trustis.com>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 669FC1A022E for <ietf-privacy@ietfa.amsl.com>; Mon, 24 Mar 2014 08:17:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.13
X-Spam-Level:
X-Spam-Status: No, score=-1.13 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=0.77, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6zfcwC0ie0Rv for <ietf-privacy@ietfa.amsl.com>; Mon, 24 Mar 2014 08:17:41 -0700 (PDT)
Received: from mail1.bemta5.messagelabs.com (mail1.bemta5.messagelabs.com [195.245.231.142]) by ietfa.amsl.com (Postfix) with ESMTP id 31A6E1A0227 for <ietf-privacy@ietf.org>; Mon, 24 Mar 2014 08:17:41 -0700 (PDT)
Received: from [85.158.136.35:38663] by server-6.bemta-5.messagelabs.com id 74/30-19576-39C40335; Mon, 24 Mar 2014 15:17:39 +0000
X-Env-Sender: rob.horne@trustis.com
X-Msg-Ref: server-8.tower-125.messagelabs.com!1395674258!20655762!1
X-Originating-IP: [217.28.140.9]
X-StarScan-Received:
X-StarScan-Version: 6.11.1; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 31410 invoked from network); 24 Mar 2014 15:17:38 -0000
Received: from smtp.hs20.net (HELO outlook.hs20.net) (217.28.140.9) by server-8.tower-125.messagelabs.com with AES256-SHA encrypted SMTP; 24 Mar 2014 15:17:38 -0000
Received: from THHSTE15D1BE5.hs20.net (192.168.251.26) by thhste15d1be5.hs20.net (192.168.251.26) with Microsoft SMTP Server (TLS) id 15.0.775.38; Mon, 24 Mar 2014 15:17:31 +0000
Received: from THHSTE15D1BE5.hs20.net ([fe80::4064:274f:d635:873e]) by THHSTE15D1BE5.hs20.net ([fe80::4064:274f:d635:873e%15]) with mapi id 15.00.0775.031; Mon, 24 Mar 2014 15:17:14 +0000
From: "Horne, Rob" <rob.horne@trustis.com>
To: "stephen.farrell@cs.tcd.ie" <stephen.farrell@cs.tcd.ie>, "ietf-privacy@ietf.org" <ietf-privacy@ietf.org>
Thread-Topic: [ietf-privacy] [perpass] Wiki for managing PPM reviews of existing RFCs
Thread-Index: AQHPR3IqUAfxBcDb5Ueq9L0mqLwx7JrwWTWA
Date: Mon, 24 Mar 2014 15:17:13 +0000
Message-ID: <a49e91d90d284064b8612152958fc9bd@THHSTE15D1BE5.hs20.net>
References: <CAPv4CP9otoccFv9ARVHwqqF6nzKT-p7uDWF=ceCotiDCgL=rqA@mail.gmail.com> <201403241049032689006@cnnic.cn> <CAPv4CP_fdfp8i3rqP+C9DA=c=VKodsjDUo=GE-Ypm-dcf8OK9A@mail.gmail.com> <3547090b573548c78b61b1f9bc02c92c@THHSTE15D1BE5.hs20.net> <53304926.2010309@cs.tcd.ie>
In-Reply-To: <53304926.2010309@cs.tcd.ie>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [86.172.205.172]
x-exclaimer-md-config: 266e7a57-cddd-49fd-bdea-19bca6d40303
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-privacy/sDesbVG1RzfwoWDDd0PSq8zW2dc
Subject: Re: [ietf-privacy] [perpass] Wiki for managing PPM reviews of existing RFCs
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Mar 2014 15:17:44 -0000

Thanks for the excellent summary Stephen, Looks like I've got some reading to do before I get started :-)

Rob




-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
Sent: 24 March 2014 15:03
To: Horne, Rob; ietf-privacy@ietf.org
Subject: Re: [ietf-privacy] [perpass] Wiki for managing PPM reviews of existing RFCs


Hi Rob,

On 03/24/2014 12:31 PM, Horne, Rob wrote:
> Hi, I'm interested in reviewing RFCs so could someone tell me - or
> point me in the direction of - what the goals are, how to conduct a
> review and what exactly are we looking for?

I guess you can infer most of that from threads on this and the perpass [1] mailing list, the notes from the Monday lunch [2] and the wiki [3].

But since that's a lot of putting stuff together, here's my quick
summary:

- The IETF are rightly putting some more focus on privacy both as a result of [4] and [5], but also because its the right thing to do
- Part of that will involve figuring out how better to handle reviews of works-in-progress, e.g. via secdir and gen-art reviews, but that's not this activity (though will be informed by it)
- Another part (initially suggested I think by Christian Huitema back in Vancouver) is reviewing existing RFCs and that is this bit
- The goal of these reviews is to analyse those existing RFCs for privacy issues or issues related to pervasive monitoring and document those in some useful fashion
- Ideally, that analysis might also suggest mitigations, some of which might be things one can do now, whilst others might be things that'd require changes to protocols, implementations or deployments
- For the latter cases, we're not proposing to do everything now, but as and when protocols are revised (or if we find something startling) then we'd hope that revisions would take account of the analyses done here (and because [4] is now approved as a new BCP, that is not a forlorn hope:-)
- In some cases, reviews will highlight privacy issues that might not be intrinsic to the protocol in the RFC, but that arise due to how that protocol is now deployed (which may be quite different from how that was initially envisaged to
happen)
- Writing up the analysis as an Internet-draft is a fine way to do that (so its archived etc.); there are a couple of examples in the tracker which should be useful help
- Avri and Scott have been helping out with organising this and have put up the wiki at [1]
- For people who want to review something - go pick a thing for which you think you're qualified to do a good review and ideally which you think is important and then... just do it
- Its not a sin to find nothing nor to do an imperfect job, but the better the job done... the better the job done:-)
- Make a ticket so's we don't waste effort having a few folks doing stuff and so we can keep track
- I'd say maybe don't put in speculative tickets (e.g. meaning "someone, but not me, really ought review RFCxxxx"), but just add tickets for stuff you've done or are doing now or in the quite near future
- Try get initial work done and visible by mid-May so we can see how we're doing and consider that before and during the July IETF

Cheers, (and thanks all for doing stuff!), S.


[1] http://www.ietf.org/mail-archive/web/perpass/current/maillist.html
[2] http://www.ietf.org/mail-archive/web/perpass/current/msg01640.html
[3] https://trac.tools.ietf.org/group/ppm-legacy-review/wiki
[4] http://tools.ietf.org/html/draft-farrell-perpass-attack
[5] http://tools.ietf.org/html/draft-barnes-pervasive-problem-00


>
>
>
> Thanks,
>
> Rob
>
>
>
>
>
>
>
>
>
> From: ietf-privacy [mailto:ietf-privacy-bounces@ietf.org] On Behalf Of
> Scott Brim Sent: 24 March 2014 12:23 To: yaojk Cc:
> ietf-privacy@ietf.org; perpass Subject: Re: [ietf-privacy] [perpass]
> Wiki for managing PPM reviews of existing RFCs
>
>
>
>
> On Mar 23, 2014 10:49 PM, "Jiankang Yao"
> <yaojk@cnnic.cn<mailto:yaojk@cnnic.cn>> wrote:
>> since there are thousands of RFCs, it is better that they can be
>> reviewd by category. for example, based on the following category:
>> http://www.faqs.org/rfcs/np.html
>>
>> Jiankang Yao
>
> We want to make sure the essential RFCs are reviewed, and categories
> are a good way to organize that if you know what categories to use.
> We don't have enough experience yet to know what good categories would
> be -- we don't know how many reviewers we will have our their interest
> areas. To start with let's just get everyone doing reviews.
> We can organize them later, once we get over a hundred.
>
> Thanks... Scott
>
>
>
>
> _______________________________________________ ietf-privacy mailing
> list ietf-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-privacy
>