Re: [Modern] Kathleen Moriarty's Discuss on draft-ietf-modern-problem-framework-03: (with DISCUSS and COMMENT)
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 01 March 2018 15:54 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: modern@ietfa.amsl.com
Delivered-To: modern@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98B9D12EA67; Thu, 1 Mar 2018 07:54:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iSx7Ber7U7oD; Thu, 1 Mar 2018 07:54:32 -0800 (PST)
Received: from mail-oi0-x22f.google.com (mail-oi0-x22f.google.com [IPv6:2607:f8b0:4003:c06::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70CE612EB08; Thu, 1 Mar 2018 07:54:32 -0800 (PST)
Received: by mail-oi0-x22f.google.com with SMTP id c12so4805161oic.7; Thu, 01 Mar 2018 07:54:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=JYirwA2fP0h9p6NdpxNqqnsZqqTFrtFggkg2Dl3VYGA=; b=MXq9lZxi+Wj5zzHXsAQJI4T3VujsDbQ+53LdWpTng1OkqkqZZzqQfjm/G4JoltY07L eunlHVk2Act4yAqHv6y9c02MNgzQ81RLNeDI06jpysrTqP8uL8u2ZnKQyNRLnvMq0LLL H/ZAnaE5du874SEGXvxpOYLutPtHrP2GdvjKtpuMkmiEuweymdWEHktm66LA8xSsWntq S0R6K1qskKtMjrfjnIpXmbpTste3YJyfJBcImPExGQniVb9+spVfXaC6KQiytTOlnOkR 2l/eIFXF1lUgFfbILTeYcUCGdlkSnp3glokqWP5JPtZ0WBixLdIMhLZvo5cieDxyq+ac IeXQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=JYirwA2fP0h9p6NdpxNqqnsZqqTFrtFggkg2Dl3VYGA=; b=nwoj7+JRe4Az1dMKce+DiMmvnx4ZV3YOgXBHlPgE+er1XpNTyt3ZzmSH+HHj8o3WY9 rvGbVPiTiu3+IQQzV2dtM/i81bclqgIu+IFJcbXm9mG8KdNUAty5leUKFR3SHmkS2twL 7BmXaBZlG+p3ln0KGu1H72Y/RwPRnlKhUAFLdJ5vx4k7JZC8bsy78upALVuNTFjaZzQ2 ZeH1Ne8do2N751TYekeopWQo7/dQFPoWTE0mfKc4MJkcO3HV7aXe2JrgLVoz2Hw6czmT DTqovSph5Pf/X7/5+FSDGo4ihH6HldcaEz3iGVUuWCqPHxPN6XZWXOf+YI8nJkj6rDkc sz/A==
X-Gm-Message-State: AElRT7F/X3l16lb9wB91o4if+qEkNgGkaGdka+mPo2A/13uIBMie2+6+ vCiMsnQSd2oFCrK36PirvJ8I7bKbRvS24L7vGyI=
X-Google-Smtp-Source: AG47ELsdHilmorD6O+oPgOXSy47FMXCKxZ+dvCJ1pvUcPGKPPNwWu7lOvdlqyi2FV1/xJOGluTtFXTjPyql/ykyBwf0=
X-Received: by 10.202.177.2 with SMTP id a2mr1528484oif.175.1519919671587; Thu, 01 Mar 2018 07:54:31 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.46.119 with HTTP; Thu, 1 Mar 2018 07:53:51 -0800 (PST)
In-Reply-To: <D6BD4357.1F686E%jon.peterson@neustar.biz>
References: <D6BD4357.1F686E%jon.peterson@neustar.biz>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Thu, 01 Mar 2018 10:53:51 -0500
Message-ID: <CAHbuEH6EkK-rTxAjpQ7Qd62R_RFFapkHje19jKe1g8bO6H4EkQ@mail.gmail.com>
To: "Peterson, Jon" <jon.peterson@team.neustar>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-modern-problem-framework@ietf.org" <draft-ietf-modern-problem-framework@ietf.org>, "modern-chairs@ietf.org" <modern-chairs@ietf.org>, "srdonovan@usdonovans.com" <srdonovan@usdonovans.com>, "modern@ietf.org" <modern@ietf.org>, Yoav Nir <ynir.ietf@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/modern/UpMQFHAXZgHLyUyVYza1NcJdGBI>
Subject: Re: [Modern] Kathleen Moriarty's Discuss on draft-ietf-modern-problem-framework-03: (with DISCUSS and COMMENT)
X-BeenThere: modern@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Managing, Ordering, Distributing, Exposing, & Registering telephone Numbers non-WG discussion list" <modern.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/modern>, <mailto:modern-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/modern/>
List-Post: <mailto:modern@ietf.org>
List-Help: <mailto:modern-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/modern>, <mailto:modern-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Mar 2018 15:54:44 -0000
Hi Jon, On Thu, Mar 1, 2018 at 9:50 AM, Peterson, Jon <jon.peterson@team.neustar> wrote: > > Hi Kathleen (and Yoav), > > We can certainly add a privacy considerations section to the document. > Basically, I think it could read: > > -- > > This framework defines two categories of information about telephone > numbers: service data and administrative data. Service data describes how > identifiers map to particular services and devices that provide real-time > communication services to users. As such, service data could potential > leak resource locations and even lower-layer network address associated > with these services, and in rare cases with end user devices. > Administrative data more broadly characterizes who the administrative > entities are behind identifiers, which will often identify service > provides, but in some layers of the architecture could include personally > identifying information, even WHOIS-style information, about the users > behind identifiers. This could conceivably encompass the sorts of data > that carriers and similar service providers today keep about their > customers for billing purposes: real names and addresses, and similar > personally identifying information. The exact nature of that information > is not defined by this framework, and it is anticipated that the protocols > that will perform this function will be extensible for different use > cases, so at this point, it is difficult to characterize exactly how much > PII might end up being housed by these services. > > As such, if an attacker were to compromise the registrar services in this > architecture which maintain administrative data, and in some cases even > service data, this could leak personally identifying information about end > users. These interfaces, and the systems the host them, are a potentially > attractive target for hackers and need to be hardened accordingly. > Protocols that are selected to fulfill these functions must provide the > security features described in [Sec Cons]. > > Finally, this framework recognizes that in many jurisdictions, certain > government agencies have a legal right to access service and > administrative data maintained by carriers. This access is typically aimed > at identifying the users behind communications identifiers in order to > enforce regulatory policy. Those legal entities already have this power to > access the existing data held by carriers in many jurisdictions, though > potentially the administrative data associated with this framework could > be richer information. > > -- > > Would roughly that work? If so, will patch it in before the cut-off. Yes, thank you. This text is very helpful. > > Also, regarding 4.3.4, we really are trying not to sweep under the rug > that government access is a use case for this framework. Just including > this under the general idea that you need to be authorized to access > information at these services would downplay the reality on the ground > about Gov Entities and their relationship to the whole numbering > ecosystem. On balance I thought it was better to be up front about it, So I agree, but the general point may be good to add as well. The IETF doesn't design protocols to aid surveillance, but the added text in the privacy section is helpful to point out that this is already done and would be done with or without this section pointing it out. > > And Yoav, we will also expand some of the early language in the document > to make sure that terms like "over-the-top" are clear. > > Thanks! > > Jon Peterson > Neustar, Inc. Thank you! Kathleen > > On 2/21/18, 6:51 PM, "Kathleen Moriarty" > <Kathleen.Moriarty.ietf@gmail.com> wrote: > >>Kathleen Moriarty has entered the following ballot position for >>draft-ietf-modern-problem-framework-03: Discuss >> >>When responding, please keep the subject line intact and reply to all >>email addresses included in the To and CC lines. (Feel free to cut this >>introductory paragraph, however.) >> >> >>Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >>for more information about IESG DISCUSS and COMMENT positions. >> >> >>The document, along with other ballot positions, can be found here: >>https://datatracker.ietf.org/doc/draft-ietf-modern-problem-framework/ >> >> >> >>---------------------------------------------------------------------- >>DISCUSS: >>---------------------------------------------------------------------- >> >>I agree with the SecDir reviewer that a Privacy Considerations section is >>needed. What user data is potentially exposed? 4.3.4 talks about >>government >>access, who else has access? What concerns are there about the data that >>is >>shared? What if one of the involved systems is compromised and data is >>stolen? >> >>It's a well written draft, this appears to be a gap and I didn't see a >>response >>to the SecDir review. Thanks in advance. >> >>https://mailarchive.ietf.org/arch/msg/secdir/1WiFmubNoAKo3qAhNu4be35g10w >> >> >>---------------------------------------------------------------------- >>COMMENT: >>---------------------------------------------------------------------- >> >>I'm a little surprised to see section 4.3.4 instead of just a statement >>on how >>authorized access to the data is provided. >> >> > -- Best regards, Kathleen
- [Modern] Kathleen Moriarty's Discuss on draft-iet… Kathleen Moriarty
- Re: [Modern] Kathleen Moriarty's Discuss on draft… Peterson, Jon
- Re: [Modern] Kathleen Moriarty's Discuss on draft… Kathleen Moriarty