IETF Logo Mail Archive

Re: Last Call: <draft-hardie-privsec-metadata-insertion-05.txt> (Design considerations for Metadata Insertion) to Informational RFC

Ted Hardie <ted.ietf@gmail.com> Wed, 22 February 2017 22:09 UTC

Return-Path: <ted.ietf@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 079C5129C25; Wed, 22 Feb 2017 14:09:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rMBiG_sJJ6Uz; Wed, 22 Feb 2017 14:09:29 -0800 (PST)
Received: from mail-oi0-x229.google.com (mail-oi0-x229.google.com [IPv6:2607:f8b0:4003:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6EE21129C23; Wed, 22 Feb 2017 14:09:29 -0800 (PST)
Received: by mail-oi0-x229.google.com with SMTP id 62so8953287oih.2; Wed, 22 Feb 2017 14:09:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=+bUMm1mB6yqP75AKrs4wcyH7dRxuKZlA9nxn3OwmlO8=; b=cXowtS//dJF89RgR8gEe+C8sP7zisluwsGdqYZDBIZSlQQ+wdPWc5mCapRb0L9YSdN X1nqVyl1ovZIHD+nP37EUe72l8hIzMBDkHSdpK+wy816mlRYdYugo3usGUu1Wx56T2O9 PrjQgYFFPIYsxsg6hLwxVrI1AaUtyZDxgnd+1nmBHLpTKQTs+QH9P0KK/UB+JRZIsWty JKq7eBquFLGKER0yzTKrpaNlW7gyXEpejEnEk66ZD1c5GfNXzGCBum0k2jRSQxw366Lf WSlnnSiwYUObCL9K9dAVs+88hYDjqCmfqEHLV1U8IjrPvDjKEHzoyrvyvQE7GDHJeWiD Thww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=+bUMm1mB6yqP75AKrs4wcyH7dRxuKZlA9nxn3OwmlO8=; b=s0mtfqaPxYfWUghEagre23FeXukts+frYwkyyEPqXsP8B3kWDwi26fgPF+GVsv5OZi Ioo66YK8ieuLdXri5WBhD4jQ9bz4ird59Q0yFI0Owy3ldi9W2QVgO1AXp0yqENNZRmJV hBk3dKvkjlpn6DWwqM6wY2dIxg1aUJh5jsmI285gmTqyNGZWU1+GUKbEnnLCR7oCsgAL /uv63l3OuAUtNGfU3NNunC8K88u2V5CF0WFQDx9xwTS+EOA6J5zeOLT99nnW7HTqkcii C7ck14t1Lw95N/CV7EI6F90mt0otj1Lsyoaw+Up1Gdea77MY9BumL3TplUMSJW/5vhVk eE+g==
X-Gm-Message-State: AMke39nSrJJaGbMxJhF1IySZ8DyvfvOW99nNzgFyhfcAcTIGNSypTQSRRrU59hwrCfZpfPE4PE9fBIj7+9fTjw==
X-Received: by 10.202.5.4 with SMTP id 4mr18930789oif.132.1487801368539; Wed, 22 Feb 2017 14:09:28 -0800 (PST)
MIME-Version: 1.0
Received: by 10.74.142.85 with HTTP; Wed, 22 Feb 2017 14:08:58 -0800 (PST)
In-Reply-To: <787AE7BB302AE849A7480A190F8B933009DEB0B5@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <148527996733.12573.15522530300481191993.idtracker@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B933009DEB0B5@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Wed, 22 Feb 2017 14:08:58 -0800
Message-ID: <CA+9kkMC8d9dRGA0mYm-ALbZOnnq6LTLE=56imUFqK9JZ0wC=pw@mail.gmail.com>
Subject: Re: Last Call: <draft-hardie-privsec-metadata-insertion-05.txt> (Design considerations for Metadata Insertion) to Informational RFC
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>
Content-Type: multipart/alternative; boundary="94eb2c18d092117c8d054925c025"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/h-6jUOxpUxji4xX9WhYdRi_HyZg>
Cc: "draft-hardie-privsec-metadata-insertion@ietf.org" <draft-hardie-privsec-metadata-insertion@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Feb 2017 22:09:31 -0000

Hi Mohamed,

Thanks for your review.  I've uploaded a draft -06 with updates from your
and other reviews.  Some notes in-line.

On Tue, Jan 31, 2017 at 1:49 AM, <mohamed.boucadair@orange.com> wrote:

> Dear Ted,
>
> Please find below my general review of the document and also my detailed
> comments.
>
> * Overall:
> - I don't think the document is ready to be published as it is. It does
> not discuss the usability and implications of the advice. Further, it may
> be interpreted that a client/end system/user can always by itself populate
> data that is supplied by on-path nodes (in current deployments). That's
> assumption is not true for some protocols.
> - The purpose of publishing this advice is not clear. For example, how
> this advice will be implemented in practice? What is its scope?
> - I would personally prefer an updated version of RFC7258 with more strict
> language on the privacy-related considerations. This is more actionable
> with concrete effects in documents that will required to include a
> discussion on privacy related matters.
>
> Detailed comments are provided below:
>
> * The abstract says the following:
>
>    The IAB has published [RFC7624] in response to several revelations of
>    pervasive attack on Internet communications.  This document considers
>    the implications of protocol designs which associate metadata with
>    encrypted flows.  In particular, it asserts that designs which do so
>    by explicit actions of the end system are preferable to designs in
>       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>    which middleboxes insert them.
>
> I suggest you explicit what is meant by "the end system".


I have updated this to clarify that this is the host/end system not the
user.


> If you mean the owner/user, then the text should say so. If you mean a
> client software instance, then bugs/inappropriate default values may lead
> to (privacy leak) surprises too. It was reported in the past that some
> browsers inject the MSISDN too.
>
> * Introduction: "To ensure that the Internet can be trusted by users"
>
> Rather « To minimize the risk of Internet-originated attacks targeted at
> users ».


I've adopted this language.


> It's reasonable to claim the Internet can be trusted by users; see how the
> usage of social networks has become severely twisted for example


I've also considered your point that an updated version of RFC7258 might be
a better outlet for advice like this. We did consider several approaches,
including incorporating the text in an update to  RFC 3552 or as part of a
document describing the full set of companion mitigations to the threats in
RFC 7624 (draft-iab-privsec-confidentiality-mitigations would be one
approach).  Those are all valid approaches, but it seemed that short,
easily read documents tackling a single point might be easier to produce
and consume.

Thanks again for your review,

Ted Hardie

v2.37.1 | Report a Bug | By Email | System Status