Re: [perpass] draft-farrell-perpass-attack architecture issue

Scott Brim <scott.brim@gmail.com> Tue, 14 January 2014 22:10 UTC

On Tue, Jan 14, 2014 at 4:45 PM, Fred Baker (fred) <fred@cisco.com> wrote:
> So the question in the shepherd's report should not be "tell me you thought about the EU Data Retention Initiative and whether your protocol's data identifies an individual". It should be "what personal, equipment, or session identifiers, encrypted or otherwise, are carried in your protocol? How might they be correlated with offline data or otherwise used to infer the identity or behavior of an individual?"

The main problem is that privacy issues are deeper than that, the
question could be misunderstood without a larger context, and there's
already a set of documents discussing most of that larger context (RFC
6973, the perpass problem statement draft, etc.).

The Document Shepherd Write-Up currently doesn't reference security
guidelines directly. Instead of asking a few specific questions in the
shepherd's writeup as you suggest, consider adding the privacy/perpass
docs to BCP 72 (which already includes RFC 3552) as they are approved,
and then optionally add a question to the shepherd's writeup that
refers to it, in order to emphasize the increased attention to the
issue.

Scott