Re: [privacydir] getting things started

"Polk, William T." <> Tue, 11 January 2011 15:06 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 06D2A28C193 for <>; Tue, 11 Jan 2011 07:06:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.517
X-Spam-Status: No, score=-6.517 tagged_above=-999 required=5 tests=[AWL=0.081, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ANjUBoNYm0bV for <>; Tue, 11 Jan 2011 07:06:26 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 00F6D28C2CB for <>; Tue, 11 Jan 2011 07:06:25 -0800 (PST)
Received: from ( []) by (8.13.1/8.13.1) with ESMTP id p0BF8fH2001452; Tue, 11 Jan 2011 10:08:41 -0500
Received: from ([fe80::d479:3188:aec0:cb66]) by ([]) with mapi; Tue, 11 Jan 2011 10:08:28 -0500
From: "Polk, William T." <>
To: Deirdre Mulligan <>, Sean Turner <>, "" <>
Date: Tue, 11 Jan 2011 10:08:26 -0500
Thread-Topic: [privacydir] getting things started
Thread-Index: Acut078U6caiJoxiSuWPf6FC4zJSGQDzaZfy
Message-ID: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_C951DC9A1D404wpolknistgov_"
MIME-Version: 1.0
X-NIST-MailScanner: Found to be clean
Cc: "" <>
Subject: Re: [privacydir] getting things started
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Privacy Directorate to develop the concept of privacy considerations for IETF specifications and to review internet-drafts for privacy considerations." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 11 Jan 2011 15:06:34 -0000

Hi Deirdre,

There is no fixed timeline on any of this - this is more of an experiment.  We can't take more concrete steps, like a BCP that adds privacy considerations to the required scope of Security Considerations, until we build rough consensus that the experiment worked.  There are certainly other holes to fill, but Sean and I see this as the low hanging fruit in the frighteningly complex privacy space.

It is probably premature to move on to decisional documents (BCPs and standards track specifications).  Design teams to develop the initial drafts is an excellent idea, and will certainly be considered.  In the end, we will still need to build IETF-wide consensus, though.  At this stage, I suspect the community is more likely to support experimental documents.

We would be happy to have input from your students... identifying drafts that have security implications and evaluating the impact is critical to the success of the experiment.  We would prefer to have their input funneled through you and your colleague, though.  We are being pretty ruthless about limiting subscribers to the core team right now.


Tim Polk

On 1/6/11 1:58 PM, "Deirdre Mulligan" <> wrote:

Hi Sean et al
Can you tell me what the timeline is on the two below?
I am happy to take on some of the evaluation work under 2 and will plan
to work it into a lab class I am running this semester looking at policy
implications of technical design.

On topic 1, I would suggest that we think about other models--both
decisional documents, expert committees, etc. -- in addition to the
morris draft for iding and working through privacy issues in drafts.

thanks and happy new year.

On 1/5/11 6:04 AM, Sean Turner wrote:
> Everyone,
> Thanks for agreeing to be in this directorate. The purpose is twofold:
> 1. Provide a place to discuss the Privacy Considerations for Internet
> Protocols draft
> (
> 2. Test out the recommendations in that draft by reviewing selected drafts.
> Most that I talked to about this directorate liked the idea that it
> would be modeled on the security directorate. To do that we'll need a
> secretary to review the upcoming IESG telechat agenda
> (, select drafts to
> review, and assign drafts to reviewers. What that means is that we'll
> actually need people to review drafts and send their comments to the
> directorate. The workload will, I think, at most be one draft a month
> per person. Now there are only 15 or so, but we've had 30 requests to
> join the directorate. So, the workload could actually drop.
> I've gotten at least one recommendation for a secretary and Tim and I
> will see if they'd be game. I suspect the assignment process will happen
> by generating the list of directorate reviewers and then just working
> through the list.
> Tim and I had picked out two drafts that seemed bang on appropriate for
> the directorate to review:
> and
> Tim and I both have some initial comments on the httpstate-cookie draft.
> You can see them by clicking on the IESG evaluation tab in he
> datatracker. If you think we've missed something please send email to
> this list.
> Nick Mathewson provided Tim and I with some comments on the ipfix-anon
> draft which I will forward shortly to the mailing list.
> Cheers,
> spt
> _______________________________________________
> privacydir mailing list

Deirdre K. Mulligan

Assistant Professor

School of Information

UC Berkeley


privacydir mailing list