[IRTF-Announce] IRTF Announcement: Starting up PEARG, to work on Privacy-Enhancing Technologies in IRTF

Allison Mankin <allison.mankin@gmail.com> Thu, 05 July 2018 19:05 UTC

Return-Path: <allison.mankin@gmail.com>
X-Original-To: irtf-announce@ietfa.amsl.com
Delivered-To: irtf-announce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17CDD130F4D; Thu, 5 Jul 2018 12:05:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hAg63Jgc_pn4; Thu, 5 Jul 2018 12:05:54 -0700 (PDT)
Received: from mail-pf0-x241.google.com (mail-pf0-x241.google.com [IPv6:2607:f8b0:400e:c00::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5AFD130F44; Thu, 5 Jul 2018 12:05:53 -0700 (PDT)
Received: by mail-pf0-x241.google.com with SMTP id h20-v6so6226101pfn.4; Thu, 05 Jul 2018 12:05:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=hTcufyC21G3bNz+8CLsctWfwW0fUq19FGyVI1nTf+Pk=; b=Ghef6OZB482nptYg8x7hmVaQoKJ/SvSCCFGjIYw8KwkQ9lVJ4bMuGjsLL9a4994smI 8J/ainY9OYU46R75Ob1YoZPBdEyPmQS6WAJ+eQSSkpgDHcqIK6WklpRf5IqPelHhdLAD +MXpKXsI+s44+8XF64I448kf4x6KecEkoGCiFhcpE1CbuHS58mVHziPegSUCYm2eIK14 WsO7+1yat2fPIPGb4ETGsfseLUEKNpHZYa4XRNCAegG4e9ktG7kgMFuxCvqnrMKKRUFf g438YmlTXurdZOUU2FoHqUGpPh4rlawCglbcaUMBDVrJpVOjpmUJdEw+Rofh6PFWgeQn xelw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=hTcufyC21G3bNz+8CLsctWfwW0fUq19FGyVI1nTf+Pk=; b=W/yDXN3Q1ZmQXv5HW6sLbxXhRV97vvvoOshJLIZvk5UcoyJmMgEB09WTXpJqOhJmlD NRP5guFXf27WBA/hCZbmw0GwyL/bQNmJHO9DOPkna9GhA3WqDD9dSu21X4T808Gtd4p7 tYWO7fWm5esqdXOfF6s6AnmiQVz7zrPX/5wCD7QoQVQpjKkORXO0DuIah0IGsup+dAP4 lzkLHMty7sdtnLwdr6lSxeDUl6w012lwBt+wk4o88xoEvO4Xbs++7IEjWhMgud+N8rob 3rusBWMLnCEuu4i7incVKxajTRmcj66AbnUzMgCdJSOCD5B+yHXDfIC7XibvpOUHJWNt i+ug==
X-Gm-Message-State: APt69E1MZxrbcftiJk7BYfSIyfPwUOzdwNa6K3bQV2j6IrawOSpjHKcI 8jucIlPeMnA64kjU1Ygyvd2DBqbJzBhH0dcc0KB6zQ==
X-Google-Smtp-Source: AAOMgpflv/JR698Gu3EBfFeqN4ppFSgdDitTP5wRi1iu2+kFlWkiiiP2RNnfa5cqnoSusJiLmTV+5bY3+bMKn2VZNB4=
X-Received: by 2002:a65:4107:: with SMTP id w7-v6mr6512107pgp.90.1530817553199; Thu, 05 Jul 2018 12:05:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a17:90a:ac18:0:0:0:0 with HTTP; Thu, 5 Jul 2018 12:05:52 -0700 (PDT)
From: Allison Mankin <allison.mankin@gmail.com>
Date: Thu, 5 Jul 2018 15:05:52 -0400
Message-ID: <CAP8yD=tMi43MmiZw=+61YzvASkp7Ynzy=uETeVrFd1pT2bFg4g@mail.gmail.com>
To: irtf-announce@irtf.org, "Internet Research Steering Group (irsg@irtf.org)" <irsg@irtf.org>, IRTF Discussion <irtf-discuss@irtf.org>
Content-Type: multipart/alternative; boundary="000000000000797a240570453c53"
Archived-At: <https://mailarchive.ietf.org/arch/msg/irtf-announce/N_QGNu18ktTyCWG6Jgd5ojEOelY>
Subject: [IRTF-Announce] IRTF Announcement: Starting up PEARG, to work on Privacy-Enhancing Technologies in IRTF
X-BeenThere: irtf-announce@irtf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: IRTF-Announce <irtf-announce.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/irtf-announce>, <mailto:irtf-announce-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/irtf-announce/>
List-Post: <mailto:irtf-announce@irtf.org>
List-Help: <mailto:irtf-announce-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/irtf-announce>, <mailto:irtf-announce-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jul 2018 19:05:58 -0000

Dear IRTF folks,

Please see the note below.  A side meeting will take place to get feedback
and move towards organizing PEARG (Privacy Enhancements and Assessment
(Proposed) RG.  Please join the pearg mailing list if you are interested in
participating.  Meeting info will also be sent on lists addressed here.
You may receive this multiple times,  so thanks for your patience!

To subscribe:  https://www.irtf.org/mailman/listinfo/pearg

See you in Montreal!

Allison
IRTF Chair


---------- Forwarded message ----------
From: Sara Dickinson <sara@sinodun.com>;
Date: 5 July 2018 at 12:51
Subject: [Pearg] Welcome to the Privacy Enhancements and Assessment
Proposed RG mailing list!
To: pearg@irtf.org


Dear All,

We would like to announce the first meeting (a side meeting) of the Privacy
Enhancements and Assessment (PEA) Proposed RG to be held at IETF 102 in
Montreal. We are waiting confirmation of our time slot, we have requested
18:40 on Tuesday 17th July and will post to this list as soon as we have
more details.

The chairs for this Proposed RG are:
Sara Dickinson (sara@sinodun.com) and
Shivan Sahib (ssahib@salesforce.com)

This side meeting is planned as an informal discussion for parties
interested in participating in the Proposed RG. There will be an overview
of the proposed charter (see below) and we would like to solicit feedback
on the charter and also possible future work in the group.

As food for thought we believe that there are several ongoing
privacy-relevant efforts and discussions in various IETF and IRTF groups
that would benefit from a dedicated group for analysis, including:

- [QUIC] Privacy leaks via passive network management via the proposed QUIC
spin bit.
- [QUIC] Connection migration and multipath privacy properties of exposed
packet header information.
- [DoH] Privacy implications for various use cases and for server operators.
- [DRUI (BoF)] Privacy implications of DNS resolver discovery mechanisms.
- [DNSSD] Private service discovery threat model formulation and solution
analysis.
- [DPRIVE] BCP for operators of DNS privacy services. Padding profile
analysis.
- [ICNRG] Privacy implications of unencrypted content requests (interests).
- [TRANS] Privacy implications of certificate transparency gossiping.
- [RTCWEB] Privacy issues around exposing private IP addresses in WebRTC

Equally important, there is active research being conducted in the academic
and open source communities around privacy preserving techniques that the
IETF and IRTF could benefit from adopting.

We’ll also discuss scheduling future meetings, including possible
co-location with events other than the IETF.

Best regards

Sara & Shivan




# Draft Charter

## Background

Privacy is an increasingly desirable and often necessary property for
Internet technologies. Evidence suggests that attacks on societal,
community, and individual privacy occur with non-negligible frequency, as
discussed in detail in RFC 7258 and in protocol-specific documents such as
RFC 7626. Pervasive monitoring [RFC 7258], is a well known attack on
privacy at incredible scale.  The IETF and IAB responses to such attacks is
to push for widespread end-to-end encryption. Understanding attacks on
privacy and the costs of addressing them is critical for ensuring the
longevity, usability, and viability of Internet technologies.

Alongside such work the emergence of global and region-specific legislation
in this area e.g. GDPR provides further motivation for enhancing
available privacy techniques (beyond end-to-end encryption), advancing the
state-of-the-art for privacy in protocols, and for assessing privacy of
existing protocols.

## Objectives

The Privacy Enhancements and Assessments Research Group (PEARG) is a
general forum for discussing and reviewing privacy enhancing
technologies for network protocols and distributed systems in general, and
for the IETF in particular. The PEARG serves as a bridge between theory and
practice, bringing new privacy-enhancing technologies to the Internet
community and promoting an understanding of the use and applicability of
these mechanisms via Informational RFCs (in the tradition of HMAC [RFC
2104]).  Our goal is to provide a forum for discussion and analyzing the
cryptographic and practical aspects of privacy protocols, and to offer
guidance on the use of emerging techniques and new uses of existing ones.
IETF working groups developing protocols that include privacy technology
elements are welcome to bring questions concerning the protocols to the
PEARG for advice.

The Assessments objective of PEARG will include partaking in the following
tasks:

1) Reviewing privacy properties (informed by but not limited to the
analysis in RFC6973) of existing and emerging IETF protocols,

2) Developing specifications in the tradition of RFC 6973 that offer
guidance for protocol design and development and advice on
privacy-enhancement.

This work will involve outreach to ensure close cooperation with similar
and related efforts in IETF.

## Meetings

The PEARG will meet two to three times per year, as deemed necessary by the
chairs and according to demand. At least one PEARG meeting will be
co-located with an IETF meeting per year. The PEARG will also meet
collocated with relevant academic conferences, such as the Privacy
Enhancing Technologies Symposium (PETS), yearly if possible. Participation
is open to all.

Meetings are by default open with open attendance and published
proceedings, with remote participation and recording as provided by the
meeting venue, according to the IRTF’s IPR policy.

The chairs may at times appoint at their pleasure “closed” design teams
with lesser reporting requirements (though results will be open).  This
will allow for some limited discussions in which participants require extra
privacy.  This does not relax the Note Well:  for all activities of the RG,
as for all other activities of IRTF, the Note Well applies [
https://www.ietf.org/about/note-well/].

## Collaborations

PEARG will actively engage with academic and open source (e.g. Tor project,
EFF, OTF) communities and encourage specification of key privacy-enhancing
technologies in Informational or Experimental RFCs.  Example current
emerging technologies where interest is solicited include:

1. Differential privacy techniques applied to networked and distributed
systems
2. Anti-fingerprinting techniques
3. Potential uses of MPC for privacy

PEARG is related to security and cryptographic protocols in the IETF and
IRTF. Among the IETF working groups, PEARG will collaborate to ensure
and encourage collaboration so that desirable privacy properties are upheld
for the Internet community. PEARG will also collaborate with the CFRG to
ensure cryptographic techniques and algorithms are used appropriately for
their intended purpose.



-- 
Pearg mailing list
Pearg@irtf.org
https://www.irtf.org/mailman/listinfo/pearg