Re: [perpass] Getting started...

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 17 August 2013 10:05 UTC

Hi SM,

On 08/17/2013 01:40 AM, SM wrote:
> Hi Stephen,
> At 09:42 16-08-2013, Stephen Farrell wrote:
>> IETF list, normal rules (IPR and netiquette) apply, if you're not
>> sure if something is appropriate for this list, feel free to ask Sean
>> or I offlist, but our hope is to try make progress on some or all of
>> the following:
>>
>> - experiences with IETF protocols and how they allow for
>>   fingerprinting and monitoring, esp. in unexpected ways
>> - things we might practically do about that in the IETF, ideally in
>>   terms of concrete ideas for protocol or operational changes, and even
>>   more ideally with protocols that have active working groups who're
>>   interested in taking on such work
>> - ideas for new work that'd make our protocols more robust in the
>>   face of such pervasive monitoring
>> - descriptions of new threat models that might help people doing
>>   protocol work in the IETF
>> - how to get to a "privacy by default" situation as Randy called
>>   it
>> - whatever else fits the scope:-)
>>
>> The only thing to add to that for now is that since the kinds of
>> monitoring we're considering can be done at many layers, we should
>> not only be considering the web, or application layer or just
>> security protocols, but the full suite of protocols and areas in
>> which the IETF works.
> 
> "Privacy by default" has, up to now, been a failure in the IETF.  

Not sure that I agree. We don't do that, sure. But it'll only be
a failure when we've actually tried, and we've not. And partly
that's because not enough of us know what can be done.

> As you
> pointed out things do not happen unless someone volunteers to do the
> work.  There has been a lack of volunteers.  I don't know why.  I don't
> know who is trying to fix that.

"We" are trying to fix that, where we == this list.

> Discussion about monitoring is a sensitive subject.

Yes. However, even those who want to be able to monitor at point X,
probably don't want their sensitive stuff monitored at points Y,Z,...
So you don't actually have to have inhaled all the fumes to think
it's a good plan for Internet protocols to be more robust against
pervasive monitoring.

> I am curious to
> see whether the 50 people are willing to discuss that on this
> mailing list. :-)

I hope so. We had some good discussions in Berlin at any rate and
my hope is that at least the people involved in that will chime in.
But I guess we'll see when we see.

S.


> 
> Regards,
> -sm