Re: [perpass] Getting started...

Dave Crocker <> Sat, 17 August 2013 17:32 UTC

>> The only thing to add to that for now is that since the kinds of
>> monitoring we're considering can be done at many layers, we should
>> not only be considering the web, or application layer or just
>> security protocols, but the full suite of protocols and areas in
>> which the IETF works.
> "Privacy by default" has, up to now, been a failure in the IETF.  As you
> pointed out things do not happen unless someone volunteers to do the
> work.  There has been a lack of volunteers.  I don't know why.  I don't
> know who is trying to fix that.

We probably should draw a bright line between basic, classic 
"confidentiality" mechanisms, versus whatever we mean by "privacy". 
(The IAB was explicit in not being willing to choose a specific 
definition for its RFC on the topic -- however we might want to settle 
on one, to assist technical guidance.)

Better confidentiality mechanisms (e.g., content encryption) might
facilitate better privacy, but keeping the two constructs clearly 
distinct will probably aid both group focus and clarity about the work 
when communicating to others.


Dave Crocker
Brandenburg InternetWorking