Re: [ietf-privacy] Fwd: New Version Notification for draft-iab-privacy-considerations-01.txt
SM <sm@resistor.net> Mon, 24 October 2011 08:03 UTC
Return-Path: <sm@resistor.net>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2078321F8BCB; Mon, 24 Oct 2011 01:03:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.508
X-Spam-Level:
X-Spam-Status: No, score=-102.508 tagged_above=-999 required=5 tests=[AWL=0.091, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qx4UN-eP5dWW; Mon, 24 Oct 2011 01:03:18 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0124C21F8B8C; Mon, 24 Oct 2011 01:03:14 -0700 (PDT)
Received: from SUBMAN.resistor.net (IDENT:sm@localhost [127.0.0.1]) by mx.elandsys.com (8.14.4/8.14.5) with ESMTP id p9O82pJG025468; Mon, 24 Oct 2011 01:02:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1319443377; bh=+Gokx/JJg6zbcVJoz/8yeK+faiC4eFtTX1Su3RsxUXg=; h=Message-Id:Date:To:From:Subject:Cc:In-Reply-To:References: Mime-Version:Content-Type; b=Oqj6HBvzSMAsQt34YPgHuwaBjgwqjjcTNcg5HsB7UfQHKlEzMt6Q8/+8sXKI+vs6j t6rCwSuwSfFSsEKe+EiOwVjrfXk+pyPlbKQo4IQTRBCtUJSEK7Yc6mr2TphK2E4Nhb ZJ/5/WAzx9CivAuGaOkeAXNkH32LSNtleBiqPz+U=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail; t=1319443377; bh=+Gokx/JJg6zbcVJoz/8yeK+faiC4eFtTX1Su3RsxUXg=; h=Message-Id:Date:To:From:Subject:Cc:In-Reply-To:References: Mime-Version:Content-Type; b=SuNMGKGkmduYeriKAdB/RMf8slO9VtB25JLT+vheShI4NuGMGfTSylwqr1ANLZ6Q5 +2w0n0+Mojnvc3vOhzLc0vt09XSH+zDAmOPdPOXeVlxQUpNqgWTKReeBb3QQG9+nYy Lwzt2YOEdDL3H2DSrYvLIx5GONAnog4L8G0dBX2g=
Message-Id: <6.2.5.6.2.20111023234745.0b396450@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Mon, 24 Oct 2011 01:01:29 -0700
To: Alissa Cooper <acooper@cdt.org>, ietf-privacy@ietf.org
From: SM <sm@resistor.net>
In-Reply-To: <58CE1068-1898-463F-8DD6-4A2465F93312@cdt.org>
References: <20111023084622.32271.98066.idtracker@ietfa.amsl.com> <58CE1068-1898-463F-8DD6-4A2465F93312@cdt.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: iab@iab.org
Subject: Re: [ietf-privacy] Fwd: New Version Notification for draft-iab-privacy-considerations-01.txt
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Oct 2011 08:03:20 -0000
Hi Alissa,
At 02:28 23-10-2011, Alissa Cooper wrote:
>Per the announcement below, a new draft of the privacy
>considerations document, formerly
>draft-morris-privacy-considerations-03 and now
>draft-iab-privacy-considerations-01, has been submitted.* The major
>changes from the previous version are:
From Section 2:
"As an example, consider HTTP [RFC2616], which was designed to allow
the exchange of arbitrary data. A complete analysis of the privacy
considerations for uses of HTTP might include what type of data is
exchanged, how this data is stored, and how it is processed. Hence
the analysis for an individual's static personal web page would be
different than the use of HTTP for exchanging health records. A
protocol designer working on HTTP extensions (such as WebDAV
[RFC4918]) is not expected to describe the privacy risks derived from
all possible usage scenarios, but rather the privacy properties
specific to the extensions and any particular uses of the extensions
that are expected and foreseen at design time."
There are several other protocols which are designed to allow the
exchange of arbitrary data. The above mentions that a complete
analysis should cover:
(1) Type of data being exchanged
(2) How the data is stored
(3) How it is processed
and mentions personal web pages and health records as examples. This
sounds more like usage of a technology instead of privacy
considerations in designing a protocol. My view of privacy
considerations in protocol design is to consider implications when
making design decisions. As an example, HTTP has a Referer
request-header field. That field leaks information. From a protocol
design perspective, it is good to consider the privacy implications
in having such a field and whether it is really needed for the
protocol to work.
I'll give another example. draft-vandergaast-edns-client-ip-01
defines an EDNS0 to carry network range information. It's an
extension of the DNS protocol. That protocol already discloses the
source IP address. If the extension functions the same way as the
basic protocol, we do not have to get into privacy
considerations. As the extension is designed to communicate
information to another party (something that the basic protocol does
not do), there are privacy implications.
If you want me to discuss usage scenarios, I am going to say:
This protocol is designed to discloses personal information and it
offers no privacy.
It's going to the classic fare for most protocols (it's like crying
wolf) and it goes against the purpose of having privacy considerations.
I like the guidelines in Section 4. It lists easy questions for the
protocol designer to think about.
Regards,
-sm