Re: [lmap] Stephen Farrell's No Objection on draft-ietf-lmap-framework-12: (with COMMENT)
"MORTON, ALFRED C (AL)" <acmorton@att.com> Wed, 15 April 2015 14:55 UTC
Return-Path: <acmorton@att.com>
X-Original-To: lmap@ietfa.amsl.com
Delivered-To: lmap@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2E251B3565; Wed, 15 Apr 2015 07:55:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c8BX9Difswiy; Wed, 15 Apr 2015 07:55:04 -0700 (PDT)
Received: from mail-pink.research.att.com (mail-pink.research.att.com [204.178.8.22]) by ietfa.amsl.com (Postfix) with ESMTP id C8AF81AC402; Wed, 15 Apr 2015 07:55:03 -0700 (PDT)
Received: from mail-blue.research.att.com (unknown [135.207.178.11]) by mail-pink.research.att.com (Postfix) with ESMTP id 88D56120E25; Wed, 15 Apr 2015 11:13:20 -0400 (EDT)
Received: from exchange.research.att.com (njfpsrvexg0.research.att.com [135.207.240.40]) by mail-blue.research.att.com (Postfix) with ESMTP id 808B7F0470; Wed, 15 Apr 2015 10:55:00 -0400 (EDT)
Received: from NJFPSRVEXG0.research.att.com ([fe80::c5dd:2310:7197:58ea]) by NJFPSRVEXG0.research.att.com ([fe80::c5dd:2310:7197:58ea%17]) with mapi; Wed, 15 Apr 2015 10:55:00 -0400
From: "MORTON, ALFRED C (AL)" <acmorton@att.com>
To: "philip.eardley@bt.com" <philip.eardley@bt.com>, "stephen.farrell@cs.tcd.ie" <stephen.farrell@cs.tcd.ie>, "iesg@ietf.org" <iesg@ietf.org>
Date: Wed, 15 Apr 2015 10:54:59 -0400
Thread-Topic: [lmap] Stephen Farrell's No Objection on draft-ietf-lmap-framework-12: (with COMMENT)
Thread-Index: AQHQcs1QFHQfXbYs/EqvK85lRGF6GJ1J7vsAgAKqLRCAAZcZ8A==
Message-ID: <4AF73AA205019A4C8A1DDD32C034631D020F88856A@NJFPSRVEXG0.research.att.com>
References: <20150409135845.13211.89354.idtracker@ietfa.amsl.com> <4AF73AA205019A4C8A1DDD32C034631D01608849F7@NJFPSRVEXG0.research.att.com> <7ec2881f92e94953870e2e1479d6247e@rew09926dag03b.domain1.systemhost.net>
In-Reply-To: <7ec2881f92e94953870e2e1479d6247e@rew09926dag03b.domain1.systemhost.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/lmap/ACIOWC3SmbzgpKKUdmvq277tZqQ>
Cc: "dromasca@avaya.com" <dromasca@avaya.com>, "lmap-chairs@ietf.org" <lmap-chairs@ietf.org>, "lmap@ietf.org" <lmap@ietf.org>
Subject: Re: [lmap] Stephen Farrell's No Objection on draft-ietf-lmap-framework-12: (with COMMENT)
X-BeenThere: lmap@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Large Scale Measurement of Access network Performance <lmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lmap>, <mailto:lmap-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lmap/>
List-Post: <mailto:lmap@ietf.org>
List-Help: <mailto:lmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lmap>, <mailto:lmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Apr 2015 14:55:05 -0000
Hi Phil and Stephen, some replies in-line below. (apologies for limited formatting help to find them) Al > -----Original Message----- > From: philip.eardley@bt.com [mailto:philip.eardley@bt.com] > Sent: Tuesday, April 14, 2015 10:51 AM > To: MORTON, ALFRED C (AL); stephen.farrell@cs.tcd.ie; iesg@ietf.org > Cc: dromasca@avaya.com; lmap-chairs@ietf.org; lmap@ietf.org > Subject: RE: [lmap] Stephen Farrell's No Objection on draft-ietf-lmap- > framework-12: (with COMMENT) > > Stephen, > Thanks! > > > > I agree, something like: > > > > o Privacy Conserving - the protocols and procedures should respect > > the > > sensitive information of all those involved in measurements. > > I think 'Privacy respecting' is better than 'Privacy conserving'. > > > > > > > > > - 5.4 (and elsewhere) I'm not sure a Group-ID by itself is > > > sufficient to hide identity (timing and soure addressing may expose > it anyway). > > > That should be noted, and that lmap protocols should be analysed to > > > see what turns out to be the case. I'm not sure talking about > > > "anonymising" is really correct as anonymity is a very very hard > > thing to achieve. > > > > That's a fair point, we could add this limitation in section 5.1, the > > second bullet seems to be where Group-ID is first discussed in some > > detail. (It's never claimed that Group-ID fixes cures all ills.) > > > > Agree with above. The idea of Group-ID was so that you had to do some > work to discover the end-user's identity - do it deliberately. With the > MA-ID you have to do work not to know the MA's identity. > > In Section 5.4 > >> The Report contains: > >> o the MA-ID or a Group-ID (to anonymise results) > I agree this puts it too strongly. How about something like "to obscure > the MA's identity" > > I'm not sure whether this sentence in S8.4.1 needs to be similarly toned > down: > << Assignment of a Group-ID > enables anonymisation sets to be formed on the basis of service > type/grade/rates. > >> > Perhaps "obfuscation sets" would be better? I don't think so, " anonymisation sets" is the RFC 6973 term. We have said that anonymisation is difficult in 8.6.2, changing what we call it doesn't change that fact. > > Similarly in S8.6.2 > << Another anonymisation technique is for the MA to include its Group-ID > instead of its MA-ID > >> > "obfuscation technique"? > > > > > > > > > - section 8: I didn't spot considerations related to > > > re-identification, which can be significant. E.g. if I can see > > > other traffic that identifies a person and the re-identify that > > > person > > based > > > on LMAP trafic later on (or elsewhere). Did the WG consider that? > > > > The short answer is that if RFC 6973 had considered re-identification, > > we would have. > > The closest topic we covered is Correlation, combining various > > separate pieces of info to obtain identity. The point is that an LMAP > > system could unwittingly complete an information chain if it exposes > > any sensitive info, so don't. > > > > If a user's access with another system already gave away sensitive > > info, correlation is clearly easier and can result in re- > > identification, even when an LMAP conserves sensitive information to > > great extent. > > We could add this point in 8.5.3. > > If I understand your point, it's that the LMAP measurement traffic or > control /reporting messages from a particular end-user may contain a > 'signature' that enables someone to track the end-user (perhaps they're > mobile) Interesting point, would be worth adding somewhere. I took this to mean that once a person IS identified, then less info is needed to infer that observed traffic is from the same person. IOW, re-identifying Alice, once I've seen Alice's name and her IP address together, can be accomplished with just the IP address. I added to 8.5.3: If a user's access with another system already gave away sensitive info, correlation is clearly easier and can result in re-identification, even when an LMAP conserves sensitive information to great extent. > > > > > > > > > - section 8: I'm not sure that the "user consent" > > > thing is really of that much benefit here (and it's ubiquitously > > > abused on the Internet today). It would have been welcome had the > > > WG come up with something better, but then since I don't have a > > > solution to hand, I can't insist that you do;-) > > > > Right now, user consent and temporary/per-instance user consent are > > helpful if the protocols communicate the permission status, or stop > > transactions when they don't get indication of permission. We have > > difficulty limiting what consenting adults do. > > > > User consent and empowerment seem central to Data protection and privacy > regulations and discussions. I agree with you that the Internet industry > hasn't worked out how to make this meaningful - beyond today's mostly > unread T&Cs and (in Europe) irritating messages about cookies.
- [lmap] Stephen Farrell's No Objection on draft-ie… Stephen Farrell
- Re: [lmap] Stephen Farrell's No Objection on draf… MORTON, ALFRED C (AL)
- Re: [lmap] Stephen Farrell's No Objection on draf… Stephen Farrell
- [lmap] FW: Stephen Farrell's No Objection on draf… philip.eardley
- Re: [lmap] Stephen Farrell's No Objection on draf… philip.eardley
- Re: [lmap] Stephen Farrell's No Objection on draf… MORTON, ALFRED C (AL)
- Re: [lmap] Stephen Farrell's No Objection on draf… MORTON, ALFRED C (AL)
- Re: [lmap] Stephen Farrell's No Objection on draf… Stephen Farrell