Re: [ietf-privacy] Fwd: New Version Notification for draft-iab-privacy-considerations-01.txt
SM <sm@resistor.net> Mon, 24 October 2011 08:03 UTC
Return-Path: <sm@resistor.net>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2078321F8BCB; Mon, 24 Oct 2011 01:03:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.508
X-Spam-Level:
X-Spam-Status: No, score=-102.508 tagged_above=-999 required=5 tests=[AWL=0.091, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qx4UN-eP5dWW; Mon, 24 Oct 2011 01:03:18 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0124C21F8B8C; Mon, 24 Oct 2011 01:03:14 -0700 (PDT)
Received: from SUBMAN.resistor.net (IDENT:sm@localhost [127.0.0.1]) by mx.elandsys.com (8.14.4/8.14.5) with ESMTP id p9O82pJG025468; Mon, 24 Oct 2011 01:02:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1319443377; bh=+Gokx/JJg6zbcVJoz/8yeK+faiC4eFtTX1Su3RsxUXg=; h=Message-Id:Date:To:From:Subject:Cc:In-Reply-To:References: Mime-Version:Content-Type; b=Oqj6HBvzSMAsQt34YPgHuwaBjgwqjjcTNcg5HsB7UfQHKlEzMt6Q8/+8sXKI+vs6j t6rCwSuwSfFSsEKe+EiOwVjrfXk+pyPlbKQo4IQTRBCtUJSEK7Yc6mr2TphK2E4Nhb ZJ/5/WAzx9CivAuGaOkeAXNkH32LSNtleBiqPz+U=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail; t=1319443377; bh=+Gokx/JJg6zbcVJoz/8yeK+faiC4eFtTX1Su3RsxUXg=; h=Message-Id:Date:To:From:Subject:Cc:In-Reply-To:References: Mime-Version:Content-Type; b=SuNMGKGkmduYeriKAdB/RMf8slO9VtB25JLT+vheShI4NuGMGfTSylwqr1ANLZ6Q5 +2w0n0+Mojnvc3vOhzLc0vt09XSH+zDAmOPdPOXeVlxQUpNqgWTKReeBb3QQG9+nYy Lwzt2YOEdDL3H2DSrYvLIx5GONAnog4L8G0dBX2g=
Message-Id: <6.2.5.6.2.20111023234745.0b396450@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Mon, 24 Oct 2011 01:01:29 -0700
To: Alissa Cooper <acooper@cdt.org>, ietf-privacy@ietf.org
From: SM <sm@resistor.net>
In-Reply-To: <58CE1068-1898-463F-8DD6-4A2465F93312@cdt.org>
References: <20111023084622.32271.98066.idtracker@ietfa.amsl.com> <58CE1068-1898-463F-8DD6-4A2465F93312@cdt.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: iab@iab.org
Subject: Re: [ietf-privacy] Fwd: New Version Notification for draft-iab-privacy-considerations-01.txt
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Oct 2011 08:03:20 -0000
Hi Alissa, At 02:28 23-10-2011, Alissa Cooper wrote: >Per the announcement below, a new draft of the privacy >considerations document, formerly >draft-morris-privacy-considerations-03 and now >draft-iab-privacy-considerations-01, has been submitted.* The major >changes from the previous version are: From Section 2: "As an example, consider HTTP [RFC2616], which was designed to allow the exchange of arbitrary data. A complete analysis of the privacy considerations for uses of HTTP might include what type of data is exchanged, how this data is stored, and how it is processed. Hence the analysis for an individual's static personal web page would be different than the use of HTTP for exchanging health records. A protocol designer working on HTTP extensions (such as WebDAV [RFC4918]) is not expected to describe the privacy risks derived from all possible usage scenarios, but rather the privacy properties specific to the extensions and any particular uses of the extensions that are expected and foreseen at design time." There are several other protocols which are designed to allow the exchange of arbitrary data. The above mentions that a complete analysis should cover: (1) Type of data being exchanged (2) How the data is stored (3) How it is processed and mentions personal web pages and health records as examples. This sounds more like usage of a technology instead of privacy considerations in designing a protocol. My view of privacy considerations in protocol design is to consider implications when making design decisions. As an example, HTTP has a Referer request-header field. That field leaks information. From a protocol design perspective, it is good to consider the privacy implications in having such a field and whether it is really needed for the protocol to work. I'll give another example. draft-vandergaast-edns-client-ip-01 defines an EDNS0 to carry network range information. It's an extension of the DNS protocol. That protocol already discloses the source IP address. If the extension functions the same way as the basic protocol, we do not have to get into privacy considerations. As the extension is designed to communicate information to another party (something that the basic protocol does not do), there are privacy implications. If you want me to discuss usage scenarios, I am going to say: This protocol is designed to discloses personal information and it offers no privacy. It's going to the classic fare for most protocols (it's like crying wolf) and it goes against the purpose of having privacy considerations. I like the guidelines in Section 4. It lists easy questions for the protocol designer to think about. Regards, -sm