IETF Logo Mail Archive

Re: Last Call: <draft-hardie-privsec-metadata-insertion-05.txt> (Design considerations for Metadata Insertion) to Informational RFC

Ted Hardie <ted.ietf@gmail.com> Thu, 23 February 2017 23:40 UTC

Return-Path: <ted.ietf@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADEF6129C68; Thu, 23 Feb 2017 15:40:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2rDZWxm9HKlr; Thu, 23 Feb 2017 15:40:19 -0800 (PST)
Received: from mail-oi0-x235.google.com (mail-oi0-x235.google.com [IPv6:2607:f8b0:4003:c06::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A2E96129C55; Thu, 23 Feb 2017 15:40:19 -0800 (PST)
Received: by mail-oi0-x235.google.com with SMTP id 65so3427820oig.1; Thu, 23 Feb 2017 15:40:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=KJKbH4J6SyxjqPhDPA3Duv0Jl3NUGFcSTLa/Y9N5eEg=; b=a8Rr+VT0SGWStoSnBuuND/EfAcapEudDWjZfcYcZsHEeAewqWEluDFFi7cVO/+Qv5g 5fipM1szzecW2idUneMC0r5coQZC59VgUjEmaWU8vmbrFgUNW7/qh12uXQanq+HKvJP+ Vob+1ehL1QaxwQxXJJmIanYaGkG+1zhJ93c2N2ds73sbfRb1MWhOPKedDkcx12bCSwPS zI+KRNHdy4uojzQ8ohdwugHc9WogW1g0Hw15XHg8d4kRRWi11eHxgEy6M6XHGAnzmmIw BwQU60KlgZIK3MwEm4HVmXuV6soT/SzXEhKUdcEMycvI+/0HWbL2TXk9ul0LuyELaVMW 1beQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=KJKbH4J6SyxjqPhDPA3Duv0Jl3NUGFcSTLa/Y9N5eEg=; b=Bl4KY+nse6VuxfuwrM3NFcH9ShTyM9RfgRN1fBn1NS0MUoq4C/LFfXDtjRgD8o+Ese ajPF0YjLnpNYxZc1INEuxlcawgl7JXjmGRSF0m56fMkC59PLvjvz8UwZIJsi1pyytKIT TzLOdDZdfFSVjfWkzO+r1OAWN64XDeQTshxIxBj4QF8AErc/ZGX0xV4h65pzykn0p3gV JsaD3L4JRMZn0nzTnPNJwZzfGHfKJlFLaYF/oy/ivVIY1jgDoCa/IK0D/TTFD2onih5H Fc7Qq5YWSR3OrZvx9CiLlYdIxv84hYVxT8LejC4cRW/0Eut06nfWrtyF1UNkLL+bwGW2 xmDg==
X-Gm-Message-State: AMke39ncLiW4oRMByOoH6KyLblbV3+VU+9HejcocP1alooRWXoC488JNiDhTWIu5eR3qk5RiLc2MU8nSIVET6A==
X-Received: by 10.202.72.6 with SMTP id v6mr617138oia.177.1487893218761; Thu, 23 Feb 2017 15:40:18 -0800 (PST)
MIME-Version: 1.0
Received: by 10.74.142.85 with HTTP; Thu, 23 Feb 2017 15:39:48 -0800 (PST)
In-Reply-To: <787AE7BB302AE849A7480A190F8B933009E16627@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <148527996733.12573.15522530300481191993.idtracker@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B933009DEB0B5@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <CA+9kkMC8d9dRGA0mYm-ALbZOnnq6LTLE=56imUFqK9JZ0wC=pw@mail.gmail.com> <787AE7BB302AE849A7480A190F8B933009E16627@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Thu, 23 Feb 2017 15:39:48 -0800
Message-ID: <CA+9kkMBw-QbaDzDanWs6sH-z7rEteofCvp8-d-qSf9J31zJykA@mail.gmail.com>
Subject: Re: Last Call: <draft-hardie-privsec-metadata-insertion-05.txt> (Design considerations for Metadata Insertion) to Informational RFC
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>
Content-Type: multipart/alternative; boundary="001a113db248c4a3e305493b227f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/0JCjvUqy5L7NFyY9g_n8HdEmPIc>
Cc: "draft-hardie-privsec-metadata-insertion@ietf.org" <draft-hardie-privsec-metadata-insertion@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Feb 2017 23:40:21 -0000

HI Mohamad,

Thanks for rechecking; some further comments in-line.

On Wed, Feb 22, 2017 at 11:21 PM, <mohamed.boucadair@orange.com> wrote:

> Hi Ted,
>
>
>
> Thank you for the reply and for implementing these changes.
>
>
>
> I checked the diff, but I’m afraid the -06 version has the same issues as
> the ones I reported in January 31.
>
>
>

I did respond to the particular comments and text proposals, so I assume
this is the more general issue.  If I understand correctly, you would
prefer this document to be structured as a revision to the threat model
document or connected to a larger consideration of the issues.  I
understand that, and it was considered, but I believe that this format is
still the most effective for the narrow issue it addresses.

>From that flow some of your other concerns about audience, at least as I
understand.  As written, this is narrow advice for a broad audience:
basically, anyone who would consider the form of metadata insertion it
describes.  You would, if I understand you, prefer a narrower description
of the audience in a larger context.


> I’m reiterating that most of my comments are still unaddressed in -06.
>
>
>

I realize that the document did not change to address the audience or
document integration you preferred; I think there we simply disagree on how
to make this advice effective.  I'm sorry that first message apparently did
not describe the disagreement effectively.

If I have misunderstood your comments, please accept my apologies. I would
be happy of further clarification and suggested text to illustrate your
preferences would be especially welcome.

thanks,

Ted Hardie



> Cheers,
>
> Med
>
>
>
> *De :* Ted Hardie [mailto:ted.ietf@gmail.com]
> *Envoyé :* mercredi 22 février 2017 23:09
> *À :* BOUCADAIR Mohamed IMT/OLN
> *Cc :* ietf@ietf.org; draft-hardie-privsec-metadata-insertion@ietf.org
> *Objet :* Re: Last Call: <draft-hardie-privsec-metadata-insertion-05.txt>
> (Design considerations for Metadata Insertion) to Informational RFC
>
>
>
> Hi Mohamed,
>
> Thanks for your review.  I've uploaded a draft -06 with updates from your
> and other reviews.  Some notes in-line.
>
>
>
> On Tue, Jan 31, 2017 at 1:49 AM, <mohamed.boucadair@orange.com> wrote:
>
> Dear Ted,
>
> Please find below my general review of the document and also my detailed
> comments.
>
> * Overall:
> - I don't think the document is ready to be published as it is. It does
> not discuss the usability and implications of the advice. Further, it may
> be interpreted that a client/end system/user can always by itself populate
> data that is supplied by on-path nodes (in current deployments). That's
> assumption is not true for some protocols.
> - The purpose of publishing this advice is not clear. For example, how
> this advice will be implemented in practice? What is its scope?
> - I would personally prefer an updated version of RFC7258 with more strict
> language on the privacy-related considerations. This is more actionable
> with concrete effects in documents that will required to include a
> discussion on privacy related matters.
>
> Detailed comments are provided below:
>
> * The abstract says the following:
>
>    The IAB has published [RFC7624] in response to several revelations of
>    pervasive attack on Internet communications.  This document considers
>    the implications of protocol designs which associate metadata with
>    encrypted flows.  In particular, it asserts that designs which do so
>    by explicit actions of the end system are preferable to designs in
>       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>    which middleboxes insert them.
>
> I suggest you explicit what is meant by "the end system".
>
>
>
> I have updated this to clarify that this is the host/end system not the
> user.
>
>
> If you mean the owner/user, then the text should say so. If you mean a
> client software instance, then bugs/inappropriate default values may lead
> to (privacy leak) surprises too. It was reported in the past that some
> browsers inject the MSISDN too.
>
> * Introduction: "To ensure that the Internet can be trusted by users"
>
> Rather « To minimize the risk of Internet-originated attacks targeted at
> users ».
>
>
>
> I've adopted this language.
>
>
>
> It's reasonable to claim the Internet can be trusted by users; see how the
> usage of social networks has become severely twisted for example
>
>
>
> I've also considered your point that an updated version of RFC7258 might
> be a better outlet for advice like this. We did consider several
> approaches, including incorporating the text in an update to  RFC 3552 or
> as part of a document describing the full set of companion mitigations to
> the threats in RFC 7624 (draft-iab-privsec-confidentiality-mitigations
> would be one approach).  Those are all valid approaches, but it seemed that
> short, easily read documents tackling a single point might be easier to
> produce and consume.
>
> Thanks again for your review,
>
> Ted Hardie
>
>
>

v2.23.0 | Report a Bug | By Email