Re: [perpass] Getting started...

SM <> Sat, 17 August 2013 00:41 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3473B11E8158 for <>; Fri, 16 Aug 2013 17:41:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.404
X-Spam-Status: No, score=-102.404 tagged_above=-999 required=5 tests=[AWL=0.195, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id sLfhXs+4CQnq for <>; Fri, 16 Aug 2013 17:41:53 -0700 (PDT)
Received: from ( [IPv6:2001:470:f329:1::1]) by (Postfix) with ESMTP id 38B8811E80D7 for <>; Fri, 16 Aug 2013 17:41:53 -0700 (PDT)
Received: from (IDENT:sm@localhost []) (authenticated bits=0) by (8.14.5/8.14.5) with ESMTP id r7H0eREs006052; Fri, 16 Aug 2013 17:40:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=mail2010; t=1376700033; bh=vxuzcHLmH0TzY9eWQ2YJyTd6ooRZjWJliiMCyA+Y/a0=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=vfvhuj1vfs/cvItdZ+wfblT2z4CDKMXVVYh6sLHZ34vyunY9dJV1j9fSd2EvGzBrP 1stiK6F1M9JUzb/ffrNdPpWJr1fgfWaR7xwRLSFZg3qW2RE2/orbkbMTKhLn8OAuNL W/8nGKfdBY9kcPBfkH3XuFRJxUVr9nefTgTI71+w=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=mail; t=1376700033;; bh=vxuzcHLmH0TzY9eWQ2YJyTd6ooRZjWJliiMCyA+Y/a0=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=KfnqNaV2a3X6rEh191kziXhBpaR3Sgf6dLhphDpjYT00Ixi2XT3l9I2tFXdyAaOv1 gYfig7FqjDhwhliw9sWIn6kJHVkr50ovFXnvmWTju+O4CBhRceLa4FYTLZgqJG9PUR f6AgcTEt+e/qGRZ+hIiaGw6QKx4wccItAo0t4Xjw=
Message-Id: <>
X-Mailer: QUALCOMM Windows Eudora Version
Date: Fri, 16 Aug 2013 17:40:12 -0700
To: Stephen Farrell <>
From: SM <>
In-Reply-To: <>
References: <>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Subject: Re: [perpass] Getting started...
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 17 Aug 2013 00:41:54 -0000

Hi Stephen,
At 09:42 16-08-2013, Stephen Farrell wrote:
>IETF list, normal rules (IPR and netiquette) apply, if you're not
>sure if something is appropriate for this list, feel free to ask Sean
>or I offlist, but our hope is to try make progress on some or all of
>the following:
>- experiences with IETF protocols and how they allow for
>   fingerprinting and monitoring, esp. in unexpected ways
>- things we might practically do about that in the IETF, ideally in
>   terms of concrete ideas for protocol or operational changes, and even
>   more ideally with protocols that have active working groups who're
>   interested in taking on such work
>- ideas for new work that'd make our protocols more robust in the
>   face of such pervasive monitoring
>- descriptions of new threat models that might help people doing
>   protocol work in the IETF
>- how to get to a "privacy by default" situation as Randy called
>   it
>- whatever else fits the scope:-)
>The only thing to add to that for now is that since the kinds of
>monitoring we're considering can be done at many layers, we should
>not only be considering the web, or application layer or just
>security protocols, but the full suite of protocols and areas in
>which the IETF works.

"Privacy by default" has, up to now, been a failure in the IETF.  As 
you pointed out things do not happen unless someone volunteers to do 
the work.  There has been a lack of volunteers.  I don't know why.  I 
don't know who is trying to fix that.

Discussions about monitoring is a sensitive subject.  I am curious to 
see whether the 50 people are willing to discuss about that on this 
mailing list. :-)