RE: Proposed Statement on "HTTPS everywhere for the IETF"

["Tony Hain" <alh-ietf@tndh.net>]

Brian E Carpenter wrote:
> Hi Tony,
> On 04/06/2015 15:06, Tony Hain wrote:
> > Stephen Farrell wrote:
> >> On 03/06/15 22:03, Tony Hain wrote:
> >>> Stephen Farrell wrote:
> >>>
> >>>> I would assert that the existence of the dprive WG is good evidence
> >>>> that the IETF does not consider data-integrity as the only real
> >>>> concern for public data.
> >>>
> >>> And I would assert that it shows a group-think knee-jerk
> >>> overreaction to threats that hypothetically could be applied in
> >>> broader contexts than history documents. We are both free to express
> >>> our own assertions.
> >>>
> >>
> >> Disagreeing is of course fine but does not require that those with
> >> whom one disagrees are stuck in a group-think knee-jerk mixed
> >> metaphor;-)
> >>
> >> Looking at the actual text of the statement though [1] I could agree
> >> that the 3rd paragraph is maybe more justified on security grounds,
> >> so maybe s/privacy/security&privacy/ would be better there.
> >
> > No, more below.
> >
> >>
> >> That said, there is a real threat to privacy (cf. tempora) when it is
> >> credible to assume that any of our traffic that transits undersea
> >> cables is recorded, and traffic to the IETF is a part of that even if
> >> it's quite unlikely, by itself, to be privacy sensitive.
> >
> > I never argued that there is not a general threat to privacy due to
> recording, just that it does not apply here. My point was that the IETF does
> not have a general technical REQUIREMENT for privacy. There are many that
> WANT privacy in everything they do, but that does not equate to a real
> requirement for the public content of an open organization. Substituting
> security&pirvacy only makes a bad choice of words worse. The IETF has no
> business case for either, and if there was a case something would have
> been done about it long before now.
> 
> It isn't the content that is private, of course. However, if there are IETF
> participants who require a degree of privacy about their use of IETF public
> information, it is entirely reasonable for the IETF to support that with a
> straightforward measure like HTTPS. As has been pointed out already, that
> is insufficient to provide a high degree of privacy.
> 
> Try "...the act of accessing public information required for routine tasks can
> be privacy sensitive *on the user's side*..."

So that text exposes the silliness of this effort. IF there are people that really need privacy of their access of IETF content, they had better be using more than HTTPS. If they are not using something like TOR they are toast, because it doesn't take much traffic analysis to figure out which documents are being read. Anyone can create a mirror, and with that data they will know which documents and requests create which byte stream lengths. 

> 
> I don't see anything political about that. It's factual.

It is dangerous to imply that simple https provides any privacy when the original content is public information. If true privacy is the requirement then the IETF needs to be serious about expanding TOR. This proposed text is unnecessary theater to make a political statement. If the I* wants to make a political statement, the ISOC or maybe IAB should make it. The IESG has no business making anything more than a technical statement, and the only thing they need to say is that data-integrity is important so we are making https the default. The clear refusal to drop the word privacy from the statement just underscores how much this is politically driven rather than a serious effort to ensure that the IETF content is delivered intact. 

My overall concern here is that statements like this undermine the integrity of the organization. I understand people wanting to improve overall privacy, but this step does not do that in any meaningful way. 

Tony

> 
>     Brian