Re: [perpass] Getting started...

SM <sm@resistor.net> Sat, 17 August 2013 00:41 UTC

Return-Path: <sm@resistor.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3473B11E8158 for <perpass@ietfa.amsl.com>; Fri, 16 Aug 2013 17:41:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.404
X-Spam-Level:
X-Spam-Status: No, score=-102.404 tagged_above=-999 required=5 tests=[AWL=0.195, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sLfhXs+4CQnq for <perpass@ietfa.amsl.com>; Fri, 16 Aug 2013 17:41:53 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 38B8811E80D7 for <perpass@ietf.org>; Fri, 16 Aug 2013 17:41:53 -0700 (PDT)
Received: from SUBMAN.resistor.net (IDENT:sm@localhost [127.0.0.1]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id r7H0eREs006052; Fri, 16 Aug 2013 17:40:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1376700033; bh=vxuzcHLmH0TzY9eWQ2YJyTd6ooRZjWJliiMCyA+Y/a0=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=vfvhuj1vfs/cvItdZ+wfblT2z4CDKMXVVYh6sLHZ34vyunY9dJV1j9fSd2EvGzBrP 1stiK6F1M9JUzb/ffrNdPpWJr1fgfWaR7xwRLSFZg3qW2RE2/orbkbMTKhLn8OAuNL W/8nGKfdBY9kcPBfkH3XuFRJxUVr9nefTgTI71+w=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail; t=1376700033; i=@resistor.net; bh=vxuzcHLmH0TzY9eWQ2YJyTd6ooRZjWJliiMCyA+Y/a0=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=KfnqNaV2a3X6rEh191kziXhBpaR3Sgf6dLhphDpjYT00Ixi2XT3l9I2tFXdyAaOv1 gYfig7FqjDhwhliw9sWIn6kJHVkr50ovFXnvmWTju+O4CBhRceLa4FYTLZgqJG9PUR f6AgcTEt+e/qGRZ+hIiaGw6QKx4wccItAo0t4Xjw=
Message-Id: <6.2.5.6.2.20130816171144.0c01f738@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Fri, 16 Aug 2013 17:40:12 -0700
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
From: SM <sm@resistor.net>
In-Reply-To: <520E5684.1090005@cs.tcd.ie>
References: <520E5684.1090005@cs.tcd.ie>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Cc: perpass@ietf.org
Subject: Re: [perpass] Getting started...
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Aug 2013 00:41:54 -0000

Hi Stephen,
At 09:42 16-08-2013, Stephen Farrell wrote:
>IETF list, normal rules (IPR and netiquette) apply, if you're not
>sure if something is appropriate for this list, feel free to ask Sean
>or I offlist, but our hope is to try make progress on some or all of
>the following:
>
>- experiences with IETF protocols and how they allow for
>   fingerprinting and monitoring, esp. in unexpected ways
>- things we might practically do about that in the IETF, ideally in
>   terms of concrete ideas for protocol or operational changes, and even
>   more ideally with protocols that have active working groups who're
>   interested in taking on such work
>- ideas for new work that'd make our protocols more robust in the
>   face of such pervasive monitoring
>- descriptions of new threat models that might help people doing
>   protocol work in the IETF
>- how to get to a "privacy by default" situation as Randy called
>   it
>- whatever else fits the scope:-)
>
>The only thing to add to that for now is that since the kinds of
>monitoring we're considering can be done at many layers, we should
>not only be considering the web, or application layer or just
>security protocols, but the full suite of protocols and areas in
>which the IETF works.

"Privacy by default" has, up to now, been a failure in the IETF.  As 
you pointed out things do not happen unless someone volunteers to do 
the work.  There has been a lack of volunteers.  I don't know why.  I 
don't know who is trying to fix that.

Discussions about monitoring is a sensitive subject.  I am curious to 
see whether the 50 people are willing to discuss about that on this 
mailing list. :-)

Regards,
-sm