Re: [privacydir] request for a SAVI doc review
Ted Hardie <ted.ietf@gmail.com> Tue, 01 November 2011 14:56 UTC
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: privacydir@ietf.org

Hi Stephen,

This sounds fine to me,

regards,

Ted

On Tue, Nov 1, 2011 at 4:30 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> Hi Ted,
>
> I've also had a read of this now and agree with you. I'm putting
> in a discuss that says:
>
> "This makes no mention at all of privacy which I think needs to
> be there somewhere. Given that Joel is planning to add text on
> that to savi-threats I'd be fine if that is just referenced from
> here, or even if that text is moved from savi-threats to this
> document, and savi-threats could refer to it here. But the
> privacy implications of SAVI do need to be covered here too."
>
> I think that ought be ok since I expect Joel to do a good
> job on this in the savi-threats document. I also put in a link
> to your mail as a comment.
>
> Let me know if you think that more or something else is
> likely to be needed.
>
> Thanks again for the review,
>
> S.
>
> On 10/31/2011 08:07 PM, Ted Hardie wrote:
>
>> Hi Stephen,
>>
>> I've read through the framework document. My baseline impression is that
>> the document makes a presumption about the relationship between the host
>> and the network employing SAVI that is true when it is the access network
>> (that is, the network assigning the IP address to be verified). In that
>> deployment scenario, it is expected for the network to be able to associate
>> layer two identifiers with the layer 3 identifier (after all, it must to be
>> able to deliver return traffic).
>>
>> What's not clear to the naive reader (read: me) is how you prevent SAVI
>> from operating from other parts of the network; that is, how does the
>> overall framework guard against SAVI being used by some later network
>> on-path getting access to these bindings? I assume that this is detailed
>> elsewhere in the protocol documents, but I believe a short discussion of
>> the privacy threat in framework, along with a pointer to the protocol
>> mechanism would be valuable.
>>
>> If the expectation is that SAVI can operate from multiple places in the
>> network (including, say, the destination network), then I believe there is
>> a more serious privacy concern.
>>
>> regards,
>>
>> Ted Hardie
>>
>> On Thu, Oct 27, 2011 at 9:07 AM, Stephen Farrell
>> <stephen.farrell@cs.tcd.ie> wrote:
>>
>>> Hi,
>>>
>>> There's a SAVI document [1] on the Nov 3 telechat. I'd appreciate
>>> a review of that from a privacy perspective if someone has the
>>> time in the next week. (Just reply to this if you've time.)
>>>
>>> Previous SAVI documents have generated privacy related
>>> DISCUSSes [2,3] which may be useful background.
>>>
>>> Thanks in advance,
>>> S.
>>>
>>> [1] https://datatracker.ietf.org/doc/draft-ietf-savi-framework/
>>> [2] https://datatracker.ietf.org/doc/draft-ietf-savi-fcfs/
>>> [3] https://datatracker.ietf.org/doc/draft-ietf-savi-threat-scope/
>>>
>>> _______________________________________________
>>> privacydir mailing list
>>> privacydir@ietf.org
>>> https://www.ietf.org/mailman/listinfo/privacydir