IETF Logo Mail Archive

Re: [Int-area] WG adoption call: Availability of Information in Criminal Investigations Involving Large-Scale IP Address Sharing Technologies

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 23 April 2018 07:39 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED8DB1271DF for <int-area@ietfa.amsl.com>; Mon, 23 Apr 2018 00:39:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ekKC7TXOIunU for <int-area@ietfa.amsl.com>; Mon, 23 Apr 2018 00:39:55 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E79BC12025C for <int-area@ietf.org>; Mon, 23 Apr 2018 00:39:54 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 7458ABE4C; Mon, 23 Apr 2018 08:39:52 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rbe1gG27OcEb; Mon, 23 Apr 2018 08:39:51 +0100 (IST)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id D66B4BE2F; Mon, 23 Apr 2018 08:39:50 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1524469190; bh=QKTdGYRa7CyYiITsD0vSxvp8DySc2ttc85xH5eOu4B4=; h=Subject:To:References:From:Date:In-Reply-To:From; b=GMQnmeUyZsxb5WAzd04st94qqFqXPyJmKTzZ7ktX2DXOSgu4X7P9L4sqF/tN03L+9 Nk9gJGXy337/W3WXkEnvGiyELQYJkPrSJzgnPKWHGYS/5jdo0D/XmboPeYCjv3h/i9 Re9J0HCQjVsri+EiJdVhM1jeGMddxKUWO7URcI8w=
To: mohamed.boucadair@orange.com, "int-area@ietf.org" <int-area@ietf.org>
References: <a231b336-7e6d-bef1-92ab-001ae05eef0c@cs.tcd.ie> <787AE7BB302AE849A7480A190F8B93302DF0F8FE@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= xsFNBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABzTJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsLBgAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxM7BTQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAcLBZQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw==
Message-ID: <7e261529-28ed-a73a-631f-0cbc35ab0109@cs.tcd.ie>
Date: Mon, 23 Apr 2018 08:39:50 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302DF0F8FE@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="ewfXyjVNloE76UQ4fWHbNp1MXcONip563"
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/pgH6fIk2ixnARxfRyCkK22WpU8o>
Subject: Re: [Int-area] WG adoption call: Availability of Information in Criminal Investigations Involving Large-Scale IP Address Sharing Technologies
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Apr 2018 07:39:58 -0000

Hiya,

We could trade references to existing BCPs and RFCs but I don't
think we need to - I did not claim that the IETF had never done
work in this space, nor that we ought not - my point was that
such work being done at this point in time needs to take a
broader perspective than the document concerned. (If for some
reason it is helpful to trade references to existing BCPs and
RFCs that argue for different approaches to privacy, I'm fine
with doing that, but I hope it's not needed;-)

Below you say:

> The I-D inherits the same privacy implications of existing RFCs.

That would be a significant reason to not adopt the current document!

I hope that we've learned that we need to do more thorough analyses
of the privacy implications of our work.

Cheers,
S.

On 23/04/18 06:32, mohamed.boucadair@orange.com wrote:
> Hi Stephen,
> 
> The scope of this document is aligned with what the IETF has published in the past in this field. A list is provided below:
> 
>    1.   Identify logging as an issue in address sharing: RFC 6269
> 
>    2.   Require address sharing to enable a logging function: RFC 6269
>         and RFC 6888
> 
>    3.   Identify a minimal set of information to be logged: RFC 6269,
>         RFC 6888, and RFC 6908
> 
>    4.   Identify and discuss trade-offs of solutions to achieve logging:
>         RFC 6269, RFC 6908
> 
>    5.   Specify means to optimize logging (port range allocation,
>         deterministic NAT): draft-ietf-softwire-stateless-
>         4v6-motivation, RFC 7596, RFC 7597, RFC 7599, RFC 7753, and
>         RFC7422
> 
>    6.   Recommend servers to log source port: RFC 6302
> 
>    7.   An initial survey of servers supporting source port logging: RFC
>         7768 (ISE)
> 
>    8.   Retrieve NAT session loggings: draft-ietf-behave-syslog-nat-
>         logging, RFC 8158
> 
>    9.  CPU and memory issues: RFC 6908
> 
> As such, this I-D:
> - **DOES NOT** define a new behavior: it relies on existing IETF RFCs.
> - **DOES NOT** require logging another yet information: again, it relies on the various schemes discussed in existing RFCs.
> 
> The I-D inherits the same privacy implications of existing RFCs. 
> 
> Cheers,
> Med
> 
>> -----Message d'origine-----
>> De : Int-area [mailto:int-area-bounces@ietf.org] De la part de Stephen
>> Farrell
>> Envoyé : samedi 21 avril 2018 18:24
>> À : int-area@ietf.org
>> Objet : [Int-area] WG adoption call: Availability of Information in Criminal
>> Investigations Involving Large-Scale IP Address Sharing Technologies
>>
>>
>> Hiya,
>>
>> I've read this draft and do not support adoption of a
>> draft with this scope.
>>
>> I do support consideration of how law enforcement
>> investigations can be carried out, but not without a
>> similar level of consideration of the real trade-offs
>> between assisting law enforcement and commercial or
>> other surveillance. At present, the draft is nowhere
>> near sufficient in this respect. (Despite saying that
>> "Clearly a balance needs to be struck between individual
>> right to privacy and law enforcement access to data
>> during criminal investigations" the draft is anything
>> but balanced in that respect.)
>>
>> I don't think that this problem is a thing that'd be
>> reasonable to try fix after WG adoption, but needs to be
>> handled beforehand as it's a fundamental scope issue.
>>
>> In other words, I believe this draft just has the wrong
>> scope, and if adopted would be likely quite controversial
>> before publication. In contrast, a draft that really does
>> consider the trade-offs related to logging could be quite
>> valuable and if it provided a balanced approach might even
>> not be controversial.
>>
>> (FWIW, I might be willing to try help out a bit on a draft
>> that did have what I think is an appropriate scope, as I do
>> think more appropriate logging is a reasonable goal. But
>> before accepting that offer be aware that IMO sometimes
>> "more appropriate" ought mean only logging minimal data for
>> a very short period and then thoroughly scrubbing all of
>> that:-)
>>
>> Separately, if a document on this topic is to be adopted
>> by any IETF WG, I think the adoption call ought be widely
>> circulated (esp to saag, and art-area lists) as this is a
>> topic that is likely to attract interest from various folks
>> in other areas, and it'd be much better to figure out early
>> and not late if others also see problems with this draft.
>>
>> Cheers,
>> S.
>>
>> PS: I'm not subscribed to the int-area list so please do
>> cc' me on any follow ups.
>>
>>
>

v2.23.0 | Report a Bug | By Email