Re: [Pearg] I-D Action: draft-irtf-pearg-safe-internet-measurement-00.txt

Eric Rescorla <> Mon, 08 July 2019 13:30 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 788A2120182 for <>; Mon, 8 Jul 2019 06:30:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.601
X-Spam-Status: No, score=-0.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 7UuRoe5J-3T8 for <>; Mon, 8 Jul 2019 06:30:48 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2A2C3120178 for <>; Mon, 8 Jul 2019 06:30:48 -0700 (PDT)
Received: by with SMTP id c9so9191655lfh.4 for <>; Mon, 08 Jul 2019 06:30:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pbgeKtyjxXASsaZyJGCnrYBvYaYCohH6Z2egU8zU62U=; b=dE2/yY2WvhLdLBoRGEGYSi3/GtJtFQT3jZK6U22JYvQlng7RqXOurf8bU9lF/bDruH yf72jeoFsE+kGVMgFSudrrUyo80BKyw7ie/3+OA/DpPa4KrtgNeQIb2bYKjNkdQ03akn YBSs9KPbA01s2UZwJ0eSZyTBV5wcSKsCe6vZf78BsOulk/SRHo1ubWljbhw67+eihtFL cE0nwGqH98Qk4oQPIvE8B6joMgIQ4nsMBPXutvCgujc4o196FZSo21KJmAnfgyLWSrKB lhlpoPRSQenKWt9gL48yJO699fQ11yOx9b6KNK/ezKX6Mtf5OdYyzvWHN+nf9pVBz2Ty 23BA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pbgeKtyjxXASsaZyJGCnrYBvYaYCohH6Z2egU8zU62U=; b=cjyCYA+4NYWi7h1EVpD3xcwgxa/YeL1pEEr9FBBkSlW/V8W3Prs8Akb1kBonn0j6hM 2wCkczJsu1dsJwr00N60UDw6WI1JW8ijpFUrFqNyOFycylf8DZDItH8e+VJke5snYbQe CxkrPXDtE+SclQrfaaCmvzJIkBhougb3vfQAQnH7Q1jwmpDmDh7dUXGgWeXUi3cy8EEe zvKVAvQsIwX7QVf+sqilfLNonunoCrQ3bov7ugK1/wA4uReYAz3EbCqlQc4pRAOdsibd Tl00YLdIaHwfgjF+eubp+b1CubT4OPMrYiapOBPwJwebuX/djSdsAOadBJiYVjr1vLsE uMjQ==
X-Gm-Message-State: APjAAAUihdoxnxl5ht2ixMa7pOM+4yz1HigWV4iMaX8pvqInyg/EztU9 J4G6nKNSjrFJcW/PXESFb7JPVj8/3PrhW/UZkrY5vQ==
X-Google-Smtp-Source: APXvYqxzuP5ZEwaAzwfyo9UtwxSj+FDJw7cm1uMOwo578WpCJC6q+Bpm4vX5/4QzTjSJclZt4v721TKORaN8Udzv0M4=
X-Received: by 2002:ac2:51a3:: with SMTP id f3mr7072033lfk.94.1562592646270; Mon, 08 Jul 2019 06:30:46 -0700 (PDT)
MIME-Version: 1.0
References: <> <>
In-Reply-To: <>
From: Eric Rescorla <>
Date: Mon, 8 Jul 2019 06:30:09 -0700
Message-ID: <>
To: Iain Learmonth <>
Content-Type: multipart/alternative; boundary="0000000000009c1ffb058d2b7307"
Archived-At: <>
Subject: Re: [Pearg] I-D Action: draft-irtf-pearg-safe-internet-measurement-00.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 08 Jul 2019 13:30:51 -0000

After a quick look, I see....

Document: draft-irtf-pearg-safe-internet-measurement-01.txt

   The reduced impact should not be used as an excuse for pushing higher
   risk updates, only updates that could be considered appropriate to
   push to all users should be A/B tested.

This may just be wordsmithing, but as written, this text is entirely
unrealistic. One of the major reasons that one does A/B testing is
that you are concerned about risk in the Treatment group (e.g., that
there will be a higher risk of failures, crashes, etc.) and the
reason you are doing an A/B test is to mitigate that risk.

I'm not sure how to phrase this (internally, we usually talk about
the code having been appropriately reviewed and landed according
to policy), but the current text doesn't work.


On Mon, Jul 8, 2019 at 6:10 AM Iain Learmonth <> wrote:

> Hi All,
> I wasn't sure that I'd have the time today to work on this, and I wanted
> to make sure the chairs had time to approve the rename before the
> cut-off, so I've uploaded two versions in quick succession. Sorry if
> you've already read the new -00 only to find that a -01 has already
> appeared.
> If you'd like to diff the new -01 against the previous individual draft,
> see:
> Big changes are the inclusion of "case studies" in to help describe
> situations in which differing levels of consent might be considered
> acceptable for measurements to be performed, and also expansion of the
> data minimalization section.
> Instead of redefining anonymity, psuedonymity and the thresholds needed
> to say that a system can achieve these things, it may be useful to
> reference draft-irtf-hrpc-anonymity depending on how that draft develops.
> The guidelines on where consent is required do belong in this draft, but
> the definition of informed consent, proxy consent and implied consent
> may instead be in an HRPC draft. I've not looked extensively through
> those drafts yet.
> As always, comments are welcome either directly to me or via the PEARG
> list.
> I won't be at this IETF meeting but am happy to chat by mail or set up a
> call with anyone on this topic.
> Thanks,
> Iain.
> --
> Pearg mailing list