Re: [P2PSIP] Mirja Kühlewind's No Objection on draft-ietf-p2psip-sip-18: (with COMMENT)

"Thomas C. Schmidt" <t.schmidt@haw-hamburg.de> Wed, 20 April 2016 10:09 UTC

Return-Path: <t.schmidt@haw-hamburg.de>
X-Original-To: p2psip@ietfa.amsl.com
Delivered-To: p2psip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8369612D7E7; Wed, 20 Apr 2016 03:09:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.896
X-Spam-Level:
X-Spam-Status: No, score=-2.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.996] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8AAnnSwlzADr; Wed, 20 Apr 2016 03:09:42 -0700 (PDT)
Received: from mx3.haw-public.haw-hamburg.de (mx3.haw-public.haw-hamburg.de [141.22.6.2]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4BB512D1E5; Wed, 20 Apr 2016 03:09:41 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.24,509,1454972400"; d="scan'208";a="28196121"
Received: from post.haw-hamburg.de (HELO HUB02.mailcluster.haw-hamburg.de) ([141.22.24.51]) by mail3.is.haw-hamburg.de with ESMTP/TLS/AES256-SHA; 20 Apr 2016 12:09:40 +0200
Received: from CAS02.mailcluster.haw-hamburg.de (2002:8d16:183d::8d16:183d) by HUB02.mailcluster.haw-hamburg.de (2002:8d16:1833::8d16:1833) with Microsoft SMTP Server (TLS) id 14.3.248.2; Wed, 20 Apr 2016 12:09:39 +0200
Received: from [141.22.28.186] (141.22.250.35) by haw-mailer.haw-hamburg.de (141.22.24.61) with Microsoft SMTP Server (TLS) id 14.3.248.2; Wed, 20 Apr 2016 12:09:38 +0200
To: "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>
References: <6c28177619b64d5abf49446a5c5ffdac@HUB01.mailcluster.haw-hamburg.de> <5713C3BF.4090804@haw-hamburg.de> <09b5fac92ad24e2dbd95bb28970805c1@HUB02.mailcluster.haw-hamburg.de>
From: "Thomas C. Schmidt" <t.schmidt@haw-hamburg.de>
Message-ID: <57175558.1000403@haw-hamburg.de>
Date: Wed, 20 Apr 2016 12:09:28 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <09b5fac92ad24e2dbd95bb28970805c1@HUB02.mailcluster.haw-hamburg.de>
Content-Type: text/plain; charset="windows-1252"; format=flowed
Content-Transfer-Encoding: 8bit
X-Originating-IP: [141.22.250.35]
Archived-At: <http://mailarchive.ietf.org/arch/msg/p2psip/UW5eUjnG2raTDiGJbh4AQS0rw2s>
Cc: "p2psip-chairs@ietf.org" <p2psip-chairs@ietf.org>, "draft-ietf-p2psip-sip@ietf.org" <draft-ietf-p2psip-sip@ietf.org>, The IESG <iesg@ietf.org>, "p2psip@ietf.org" <p2psip@ietf.org>
Subject: Re: [P2PSIP] =?utf-8?q?Mirja_K=C3=BChlewind=27s_No_Objection_on_draft?= =?utf-8?q?-ietf-p2psip-sip-18=3A_=28with_COMMENT=29?=
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/p2psip/>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2016 10:09:44 -0000

Hi Mirja,

actually, I'm a bit confused about this discussion. There is plenty of 
work out in the wild about P2P anonymity and pseudonym services ... TOR 
being one prominent example. However, if I'm not mistaken, no IETF 
standard exists in this area so that we cannot pointer to a standard 
solution.

A discussion of the general state of the art in this field feels well 
beyond the scope of the document: This security subsection shall only 
make people aware of this privacy aspect. It is not meant to server as a 
general purpose guidance on privacy in P2P networks. ;)

Cheers,
  Thomas

On 20.04.2016 11:52, Mirja Kuehlewind (IETF) wrote:
> Hi Thomas,
>
> that’s slightly better. However, I would rather like to see a reference to a solution or a discuss of potential solution. If there is no solution, this should be stated clearly (as a warning).
>
> Mirja
>
>
>> Am 17.04.2016 um 19:11 schrieb Thomas C. Schmidt <t.schmidt@haw-hamburg.de>;:
>>
>> Hi Mirja,
>>
>> o.k., the text is a bit sloppy. What it probably should say is that anonymity measures are not considered here.
>>
>> A proposed re-write could be:
>>
>> 8.2.4.  Privacy Issues
>>
>>    All RELOAD SIP registration data is visible to all nodes in the
>>    overlay. Location privacy can be gained from using
>>    anonymous GRUUs. Methods of providing anonymity or deploying
>>    pseudonyms exist, but are beyond the scope of this document.
>>
>> Would you agree on that?
>>
>> Thomas
>>
>> On 15.04.2016 22:56, Mirja Kuehlewind wrote:
>>> Mirja Kühlewind has entered the following ballot position for
>>> draft-ietf-p2psip-sip-18: No Objection
>>>
>>> When responding, please keep the subject line intact and reply to all
>>> email addresses included in the To and CC lines. (Feel free to cut this
>>> introductory paragraph, however.)
>>>
>>>
>>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>>> for more information about IESG DISCUSS and COMMENT positions.
>>>
>>>
>>> The document, along with other ballot positions, can be found here:
>>> https://datatracker.ietf.org/doc/draft-ietf-p2psip-sip/
>>>
>>>
>>>
>>> ----------------------------------------------------------------------
>>> COMMENT:
>>> ----------------------------------------------------------------------
>>>
>>> The privacy issues text in the security consideration section sounds not
>>> very convincing:
>>>
>>> 8.2.4.  Privacy Issues
>>>
>>>     All RELOAD SIP registration data is visible to all nodes in the
>>>     overlay.  Methods of providing location and identity privacy are
>>>     still being studied.  Location privacy can be gained from using
>>>     anonymous GRUUs.
>>>
>>> Can you give more details or a reference regarding the methods that are
>>> still under study?
>>>
>>
>> --
>>
>> Prof. Dr. Thomas C. Schmidt
>> ° Hamburg University of Applied Sciences                   Berliner Tor 7 °
>> ° Dept. Informatik, Internet Technologies Group    20099 Hamburg, Germany °
>> ° http://www.haw-hamburg.de/inet                   Fon: +49-40-42875-8452 °
>> ° http://www.informatik.haw-hamburg.de/~schmidt    Fax: +49-40-42875-8409 °
>>

-- 

Prof. Dr. Thomas C. Schmidt
° Hamburg University of Applied Sciences                   Berliner Tor 7 °
° Dept. Informatik, Internet Technologies Group    20099 Hamburg, Germany °
° http://www.haw-hamburg.de/inet                   Fon: +49-40-42875-8452 °
° http://www.informatik.haw-hamburg.de/~schmidt    Fax: +49-40-42875-8409 °