IETF Logo Mail Archive

Re: Comments on <draft-cooper-privacy-policy-01.txt>

Donald Eastlake <d3e3e3@gmail.com> Mon, 12 July 2010 01:17 UTC

Return-Path: <d3e3e3@gmail.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EFA0C3A68C5 for <ietf@core3.amsl.com>; Sun, 11 Jul 2010 18:17:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.052
X-Spam-Level:
X-Spam-Status: No, score=-2.052 tagged_above=-999 required=5 tests=[AWL=0.547, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NFc9mGky-g2v for <ietf@core3.amsl.com>; Sun, 11 Jul 2010 18:17:07 -0700 (PDT)
Received: from mail-ww0-f44.google.com (mail-ww0-f44.google.com [74.125.82.44]) by core3.amsl.com (Postfix) with ESMTP id A2F5E3A6830 for <ietf@ietf.org>; Sun, 11 Jul 2010 18:17:07 -0700 (PDT)
Received: by wwi17 with SMTP id 17so252761wwi.13 for <ietf@ietf.org>; Sun, 11 Jul 2010 18:17:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=uaXCL5eA9gfoV6aH8hsOMgLTrjxLpYrWnUWWN5+RgUo=; b=lkuMnMwolj+ih7RO+sRJqgednc9rvSXnuu8ycDU7s/INmx/DTwLQTdF94Hima5D1PM o/3nJrvnS39fNJmjoVrFvl2sDHgSWK0Zup2lTZazxEctMj9MYGBmye6/obysrI2SZWBU 33FZkBo5ogATXWbXR3PQGbJahv2BHtd+xHCG4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=Lo5wI/BdKDm1xyuVp6ZDSzTG2/TRPCET7egfdeiZ8fpi40hGNZfsiKEuNRkvqqGzbl xH6R7mfliKmxwTWJQtc71Ab8jHp9+vw+OaafXg8VUhKtqjDlVqcezIW7Jt/rLyqbKZdp 0rVfP+8F8iRhahQ8FsquUbx7XZEejZhLSwIxU=
MIME-Version: 1.0
Received: by 10.227.138.130 with SMTP id a2mr11888443wbu.31.1278897431478; Sun, 11 Jul 2010 18:17:11 -0700 (PDT)
Received: by 10.216.88.70 with HTTP; Sun, 11 Jul 2010 18:17:11 -0700 (PDT)
In-Reply-To: <0352D0E4-8C4A-416F-83E7-280BBC2D65A7@cisco.com>
References: <7022DEA1-7FC0-4D77-88CE-FA3788720B43@cdt.org> <47076F01-CC4C-45E6-803E-8E2516BE15AC@gmail.com> <20100709113224.123900@gmx.net> <m2tyo8hneu.wl%randy@psg.com> <0352D0E4-8C4A-416F-83E7-280BBC2D65A7@cisco.com>
Date: Sun, 11 Jul 2010 21:17:11 -0400
Message-ID: <AANLkTikPL3DTe6XvEUohpSOhr0KAByCR58TcN5mJQreu@mail.gmail.com>
Subject: Re: Comments on <draft-cooper-privacy-policy-01.txt>
From: Donald Eastlake <d3e3e3@gmail.com>
To: IETF Discussion <ietf@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jul 2010 01:17:09 -0000

The sniffed "passwords" were sometimes displayed in real time on a
monitor facing the audience from the front of the room. This activity
was never called "research" that I can recall. I think the majority
reaction was that this was a fine thing to motivate improvements in
security practice. Only one person was upset, that I remember. And
several people, seeing that this was going on, wrote little network
apps to give the appearance to sniffers that plaintext passwords were
being sent so use they could display messages on said monitor, like
"this" "is" "not" "my" "real" "password", etc.

Thanks,
Donald

On Fri, Jul 9, 2010 at 1:24 PM, Fred Baker <fred@cisco.com> wrote:
> Randy, we have had at least one "researcher" sniffing passwords in plenary WiFi traffic and posting them, to embarrass people into using more secure technology. I believe he was an Ops AD at the time :-)
>
> Agreed that personal net hygiene is the solution there.
>
> On Jul 9, 2010, at 5:04 AM, Randy Bush wrote:
>
>> [ fwiw, i am not bothered if some folk well-versed in such things
>>  develop and put forth a policy about how the ietf treats data
>>  about members, attendees, network, ... ]
>>
>>> And "yes" we have researchers looking into the traffic, people storing
>>> all sorts of data, etc.
>>
>> we do?  about our traffic on the ietf meeting network?  stuff other than
>> the _ephemeral_ data the noc ops use to manage the network?
>>
>> as far as i know
>>
>>  o data collection has been done very rarely.  and when it has been, it
>>    has been widely announced.
>>
>>  o there is no plan known by the net ops to do so in maastricht or
>>    beijing at either of those meetings.
>>
>>  o aside from issues in the wireless deployment, the data about net use
>>    at ietf meeings seems pretty boring to me from a research view
>>
>>  o but i am sure there are wifi spies snooping and playing.  and i
>>    suspect that they will not be very respectful of any policy put in
>>    place.
>>
>> given the latter, i focus more on prudent personal net hygene and less
>> on prose.
>>
>> randy
>> _______________________________________________
>> Ietf mailing list
>> Ietf@ietf.org
>> https://www.ietf.org/mailman/listinfo/ietf
>
> http://www.ipinc.net/IPv4.GIF
>
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
>

v2.23.0 | Report a Bug | By Email