IETF Logo Mail Archive

Re: COVID-19 contacts tracker (Re: a brief pondering)

Keith Moore <moore@network-heretics.com> Wed, 15 April 2020 19:45 UTC

Return-Path: <moore@network-heretics.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AA343A0897 for <ietf@ietfa.amsl.com>; Wed, 15 Apr 2020 12:45:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ov0R1dYxCiUs for <ietf@ietfa.amsl.com>; Wed, 15 Apr 2020 12:45:49 -0700 (PDT)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 363753A076C for <ietf@ietf.org>; Wed, 15 Apr 2020 12:45:49 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 552D540B; Wed, 15 Apr 2020 15:45:48 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Wed, 15 Apr 2020 15:45:48 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=K1Im1O pN2zaEH0sGyTZQBOcQnVamtR8d2gTpgCST8e4=; b=ztbjgkT+ZGY5dUimbu1dxM kisiMZNCRbxbajxkHs9HTQQMCWq4rZwkMavivd4W/lwA8LdMbY5ch50f89CMS5o3 SYgJyVMGplRiJG1SdoHAXyTsyAWNxl3Mwp40pIaJddNaoQ4DwuSAeMapQU89/O85 1PrOxUVTV47pJmweLCugHa3oDgfflaY+gEwcVfd0WbFj+F6NXVxgxQYxDxc2c8uC y26PUz0wMdUpEAsg24qfIRQ9ebTyNxgy+DCvUiSpX52yGp/y+nTHY+IJfTqlDXK1 2P+VdLen72qvP7HEs2jNsJ7XmB4GY7Bui5tisYtaXlu81/xPtMa7JvR3aR+Q76TA ==
X-ME-Sender: <xms:a2SXXiNIaq-y6gtm7BHKGaLKzk5sfd-xuE_l6qPBU_IsRJiaN_7JWQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrfeefgddufeduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefuvfhfhffkffgfgggjtgesrgdtre ertdefjeenucfhrhhomhepmfgvihhthhcuofhoohhrvgcuoehmohhorhgvsehnvghtfiho rhhkqdhhvghrvghtihgtshdrtghomheqnecukfhppedutdekrddvvddurddukedtrdduhe enucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmohho rhgvsehnvghtfihorhhkqdhhvghrvghtihgtshdrtghomh
X-ME-Proxy: <xmx:a2SXXlnKgnyI-GJVMlFjQLar_WjhJ-IwCry2mBLSxBvH-hf7N6_z2Q> <xmx:a2SXXha1GPl_sLEnOaX4GteUbUvWaBAZKS5aR28-Tcb-G5smhQ5pWQ> <xmx:a2SXXs3sW5q0m2fLds9PzcDy0yV_JFzJwdTmLIn9dt4MEIj2IQTQEw> <xmx:a2SXXp1qZWoXCoQcrSaTGsGKIZtAAZVZSJPgGg6yB8YRtJ_ti27QQA>
Received: from [192.168.1.97] (108-221-180-15.lightspeed.knvltn.sbcglobal.net [108.221.180.15]) by mail.messagingengine.com (Postfix) with ESMTPA id 2F57B306005C; Wed, 15 Apr 2020 15:45:47 -0400 (EDT)
Subject: Re: COVID-19 contacts tracker (Re: a brief pondering)
To: John Wroclawski <jtw@csail.mit.edu>
Cc: ietf@ietf.org
References: <fd6b7ee2-cdbe-14a1-0087-ce61282b22f6@lear.ch> <29D0DCA7-1D72-428F-A6DD-05511D90C039@cable.comcast.com> <2fa6a8c8-7639-a378-2ff1-3f8697556b66@cisco.com> <24cd67ab-df5a-cc2f-745f-ace19d5325ea@network-heretics.com> <FD9C31D9-7113-40D7-8AB1-E581458DB02F@webweaving.org> <922752c9-7ac6-ff32-35c5-7035e49e22ff@network-heretics.com> <E1AE702B-A44D-4C11-A4D2-176794C1836B@csail.mit.edu>
From: Keith Moore <moore@network-heretics.com>
Message-ID: <949a8a06-c8c4-c40b-0f2d-fc0c6fd2dae5@network-heretics.com>
Date: Wed, 15 Apr 2020 15:45:46 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <E1AE702B-A44D-4C11-A4D2-176794C1836B@csail.mit.edu>
Content-Type: multipart/alternative; boundary="------------84E30B4E0BFC4AE31A4719AC"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/AoP9cFL895sErohz0XaPp7ymdOk>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Apr 2020 19:45:51 -0000

On 4/15/20 3:35 PM, John Wroclawski wrote:

>> On Apr 15, 2020, at 2:58 PM, Keith Moore<moore@network-heretics.com>  wrote:
>>
>> To be clear, I don't think this is a problem that can be solved by protocol design.   Unless/until we can actually audit both the hardware and software in our mobile devices, we're vulnerable to whatever the big companies put in those devices, and to whatever governments demand of them.
> But these are two distinct issues.
>
> It’s entirely possible to design a protocol that has specific, effective privacy preserving properties, and possibly even some interesting "subversion resistance” properties, and then subvert it.
>
> It’s also possible to design a protocol that doesn’t have those properties in the first place - at which point I don’t need to subvert it.
>
> It seems to me that one of these approaches should still seem more attractive than the other one to the privacy-concerned, even if neither is perfect.

oh sure.   but IMO it's very naive to assume that leaking of information 
won't take place outside the scope of the protocol.

Keith

v2.23.0 | Report a Bug | By Email