Re: [Pearg] IETF 102 - PEARG Side meeting: 1820-1900 on Tuesday 17th July 2018 - NOTES

Sara Dickinson <> Thu, 19 July 2018 12:23 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6F123126CC7 for <>; Thu, 19 Jul 2018 05:23:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6rym9MSleGnY for <>; Thu, 19 Jul 2018 05:23:00 -0700 (PDT)
Received: from ( [IPv6:2a00:1098:0:82:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BB19A126BED for <>; Thu, 19 Jul 2018 05:22:59 -0700 (PDT)
Received: from [2001:67c:1232:144:b5ae:faac:ffce:94b9] (port=49653) by with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <>) id 1fg7xN-0001oc-Sn for; Thu, 19 Jul 2018 13:22:58 +0100
From: Sara Dickinson <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C8FB17DA-8663-4D4F-9BA7-1908DEA2B396"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Thu, 19 Jul 2018 08:22:51 -0400
References: <> <> <>
To: "" <>
In-Reply-To: <>
Message-Id: <>
X-Mailer: Apple Mail (2.3445.9.1)
X-BlackCat-Spam-Score: 4
Archived-At: <>
Subject: Re: [Pearg] IETF 102 - PEARG Side meeting: 1820-1900 on Tuesday 17th July 2018 - NOTES
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 19 Jul 2018 12:23:04 -0000

Hi All, 

Many thanks to all that attended to meeting this week and for the feedback on the list since then. 

The notes from the meeting are below (thanks to Joe for taking them!) Updates, comments or additional recollections welcome.

We’ll work on revising the charter based on all the input and circulate a new version for review in the near future.


* Agenda bashing

* Charter discussion
  * Link:
  * Niels: under Objectives there is a narrative and then a list
    * might be good to number things other than assessments (which are currently the only things numbered)
  * Shivan: we should emphasize bringing new PETs in the narrative as well.
  * Ameila: on Collaborations, there is a small section in Meetings to collab with PETS
    * on the examples: the first two are variants of statistical inference, how about having that and putting specific analysis elements in there?
    * DP is a metric, not a system
    * Would go for something more generic than just MPC
  * Alison Mankin: I got them to put those examples in there
    * there is an Apple imp of DP (JLH: and Chrome)
    * Techniques of that sort could be used to help protect privacy
    * Perhaps there is a better way to word that.
    * We want to word this to signpost where the group could go in the future
  * Amelia: point out Chrome and Apple usage
  * Shivan: not meant to define scope but serve as examples of things we might want to work on
  * Allison: would like to have more examples of these kinds of things that could be more useful in IRTF/IETF
  * Kirsty: sounds like you're looking at the tech side of things and not legal.
    * Why do you mention GDPR?
    * Sara D: Not sure how GDPR is going to be important, but we think it is.
      * cross-over between tech and law could come here.
    * e.g., blockchain can remove RTBF, not great for GDPR
    * Ameila: Priv Intl did a good walkthrough of privacy laws in 2013
      * often run into privacy laws via data minimization.
    * Wendy: useful to think about the interaction between technical and larger socio/technical/economic environment
      * useful area of research to think about why have protocol design efforts not succeeded as we may have wanted.
    * Joe: also e-privacy directive will come up
    * Christine: we should not focus entirely on Europe.
    * Niels: we can add that privacy is an inherently social, technical, economic, and legal construct.
  * Wendy: invite collaboration with w3c and the privacy interest group there (PING)
    * in the discussion of meetings potentially being closed, we may want to say "confidentiality" rather than privacy.
    * PING meeting Thursday at noon.
  * Jim Fenton: I'm concerned that a lot of people might think that privacy is solely encryption or confidentiality
    * maybe we can borrow a definition of privacy to constrain our efforts.
    * Sara: should this limit our work?
      * We were thinking of working from RFC 6973, Privacy considerations.
    * Amelia: in RFC 6973 there is a short section on correlation of data... what DP tries to do is make a privacy-preserving query to a database and still make useful inferences from that set.
      * RFC 6973 may be too narrow as it may not apply to some of the newer technologies
    * Sara: we said we'll be informed by that but not be limited by it. Maybe we can make companion documents related to these.
  * Niels: we have seen a privacy directorate trying to do reviews with varying levels of success.
    * HRPC is doing Human Rights reviews that include privacy.
    * Hope we can make sure we don't overcommit these resources, and collaborate/resonate.
  * EKR: a bit of experience to form review teams focus on one area, i.e., security area.
    * coming in at the end and reviewing for a particular issue is not going to have a lot of impact.
    * need to engage earlier with the folks during the design of the protocols.
    * Shivan: should this be part of the charter? bake in early contributions.
  * Wes: seems too narrow to be reactionary enough
    * e.g., privacy of data at rest, but we haven't explored privacy during hand off between protocols
    * We should be coming up with stuff that the IETF is not doing or not at a place yet.
  * DKG: privacy has a scope well beyond network protocols
    * in IETF we have a limited slice that we focus on and do that well
    * May miss sometimes places that are out of the narrow scope
    * e.g., DHCP anon requires a ton of other stuff.. MAC address, TLS state scrubbing
    * How can we address that without going to far?
    * Things that are above or below our layers? layer 2 or layer 9
    * How can we address that?
    * Alison: IRTF is not bound to stay within the things that IETF has.
    * EKR: going in opposite direction: we wish we knew how to do things but we don't
      * until a month ago we didn't know how to encrypt SNI but now we do.
      * IETF is very target-focused... so things get dropped.
      * could do it like CFRG, "we don't know how to do this thing but if you can we can suck it into IETF"
  * Sara: please continue discussion of the charter on the list.

* What are pieces of work that could happen here
  * JLH: would like to talk about things that are happening in the real world that have no standardization path
  * Stephen F: would like to make this more broad than fix the IETF.
    * we kind of understand security analysis but not privacy analysis
    * Sara: would some of the work done on privacy analysis of DNS be useful here.
      * Allison: A methodology of quantifying DNS privacy.
  * Allison: can we get on the ground to analyze MLS privacy aspects so we don't fall into traps other messengers have fallen in.
  * Wendy: privacy preserving reputation systems would be neat to look at.
* Sara: collaborations Tor, EFF, OTF.
  * Stephen: communities around things like PETS and SOUPS
  * JLH: Maybe invite Seda Gurses or others for keynote

* Shivan: should we meet at the next IETF or somewhere else?
  * should we colocate with PETS?
    * Niels: might depend on the strategy... are we bringing work to PETS? trying to attract people from PETS?

> On 14 Jul 2018, at 16:50, Sara Dickinson <> wrote:
> Hi All, 
> We have our meeting time confirmed now - we are going to squeeze the meeting in on Tuesday between then end of the last session and the start of the social:
> Saint-Denis room from 1820-1900 on Tuesday 17th July 2018
> Our proposed agenda is:
> * Welcome by the chairs
> * Review of the Proposed charter. Request for comments and discussion
> * Review of the list of WG with work or interest and topics sent to mailing list
>    * Request for discussion on proposed work, particularly that outside of the IETF
>    * Also requests for people willing to champion/shepherd along topics 
> * Discussion of future meetings and co-location ideas
> * Head to the social!
> but please feel free to suggest other topics. 
> Best regards
> Sara. 
>> On 9 Jul 2018, at 12:02, Allison Mankin < <>> wrote:
>> Hi, Hannes,
>> I think if this does end up on Tuesday, it will end early enough for the social.  A room hasn't been found yet, so stay tuned.
>> Allison (for the IRTF)
>> On 7 July 2018 at 03:58, Hannes Tschofenig < <>> wrote:
>> Hi Sara,
>> I noticed your announcement and the content of the planned work is interesting. As a meeting date you picked the Tuesday, which overlaps with the social event.
>> I wonder whether this was an oversight.
>> Ciao
>> Hannes
>> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
>> -- 
>> Pearg mailing list
>> <>
>> <>
>> -- 
>> Pearg mailing list
>> <>
> -- 
> Pearg mailing list