Re: [privacydir] draft-ietf-httpstate-cookie (was Re: getting things started)
Sean Turner <turners@ieca.com> Thu, 13 January 2011 15:16 UTC
To: Alissa Cooper <acooper@cdt.org>
Cc: privacydir@ietf.org
I'm perfectly happy having you send them directly to Adam.

spt

On 1/13/11 5:38 AM, Alissa Cooper wrote:
> Sean,
>
> I took a look at this draft (which I meant to do during IETF last call
> and unfortunately didn't get to) and both your and Tim's DISCUSSes. I
> think the privacy points that you raise are spot-on; I have just a
> couple of further thoughts:
>
> -- I think it makes sense to make some recommendation on limiting cookie
> lifetimes. One way to do it without picking a number would be to say
> that cookies should be set to expire when they are no longer needed by
> the server for the purpose for which they were set. That way a limit is
> recommended but it's still fungible. It might also make sense to
> recommend that cookie lifetimes be reasonable given the expected
> lifetime of browsers and devices (i.e., a 30-year lifetime makes no
> sense when people cycle through devices every year or couple of years).
>
> -- It's my understanding that most private browsing modes prevent
> third-party cookies from being read and treat all newly set cookies as
> session cookies (see http://cdt.org/files/pdfs/20101209_browser_rpt.pdf
> page 9). So I think this is actually covered by the text in 7.2.
>
> Does it make sense for you to convey these comments to Adam, or should I
> post them to the http-state list?
>
> Alissa
>
> On Jan 7, 2011, at 9:15 PM, Sean Turner wrote:
>
>> The two drafts below were on yesterday's IESG telechat.
>>
>> For the ipfix-anon draft, I submitted Nick's comments pretty much in
>> their entirety. I haven't heard from the authors. There's essentially
>> still time if somebody uncovers something horrible. The time frame for
>> anything on that draft is at best two weeks.
>>
>> For the cookie draft, time is short - actually technically it's over
>> because IETF LC ended a while ago. The author is very responsive too.
>> If you've got any comments I need them as soon as possible and
>> unfortunately there's no guarantee the author will incorporate them.
>>
>> This just goes to show we need a secretary to ride herd on us.
>>
>> spt
>>
>> On 1/6/11 1:58 PM, Deirdre Mulligan wrote:
>>> Hi Sean et al
>>> Can you tell me what the timeline is on the two below?
>>> I am happy to take on some of the evaluation work under 2 and will plan
>>> to work it into a lab class I am running this semester looking at policy
>>> implications of technical design.
>>>
>>> On topic 1, I would suggest that we think about other models--both
>>> decisional documents, expert committees, etc. -- in addition to the
>>> morris draft for iding and working through privacy issues in drafts.
>>>
>>> thanks and happy new year.
>>> cheers
>>> deirdre
>>>
>>> On 1/5/11 6:04 AM, Sean Turner wrote:
>>>> Everyone,
>>>>
>>>> Thanks for agreeing to be in this directorate. The purpose is twofold:
>>>>
>>>> 1. Provide a place to discuss the Privacy Considerations for Internet
>>>> Protocols draft
>>>> (https://datatracker.ietf.org/doc/draft-morris-privacy-considerations/)
>>>>
>>>> 2. Test out the recommendations in that draft by reviewing selected
>>>> drafts.
>>>>
>>>> Most that I talked to about this directorate liked the idea that it
>>>> would be modeled on the security directorate. To do that we'll need a
>>>> secretary to review the upcoming IESG telechat agenda
>>>> (https://datatracker.ietf.org/iesg/agenda/documents/), select drafts to
>>>> review, and assign drafts to reviewers. What that means is that we'll
>>>> actually need people to review drafts and send their comments to the
>>>> directorate. The workload will, I think, at most be one draft a month
>>>> per person. Now there are only 15 or so, but we've had 30 requests to
>>>> join the directorate. So, the workload could actually drop.
>>>>
>>>> I've gotten at least one recommendation for a secretary and Tim and I
>>>> will see if they'd be game. I suspect the assignment process will
>>>> happen by generating the list of directorate reviewers and then just
>>>> working through the list.
>>>>
>>>> Tim and I had picked out two drafts that seemed bang on appropriate for
>>>> the directorate to review:
>>>>
>>>> https://datatracker.ietf.org/doc/draft-ietf-httpstate-cookie/
>>>>
>>>> and
>>>>
>>>> https://datatracker.ietf.org/doc/draft-ietf-ipfix-anon/
>>>>
>>>> Tim and I both have some initial comments on the httpstate-cookie
>>>> draft. You can see them by clicking on the IESG evaluation tab in the
>>>> datatracker. If you think we've missed something please send email to
>>>> this list.
>>>>
>>>> Nick Mathewson provided Tim and I with some comments on the ipfix-anon
>>>> draft which I will forward shortly to the mailing list.
>>>>
>>>> Cheers,
>>>>
>>>> spt
>>>> _______________________________________________
>>>> privacydir mailing list
>>>> privacydir@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/privacydir
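
Added example, not part of the thread or of the cookie draft: a small audit that computes each cookie's effective lifetime from its Set-Cookie header and reports those that outlive a chosen limit, in the spirit of the lifetime recommendation quoted above. The 730-day limit, the function names and the sample headers are assumptions constructed for illustration; the thread itself deliberately picks no number.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

def cookie_lifetime(set_cookie, now):
    """Return (name, lifetime) for one Set-Cookie value; lifetime is None
    for a session cookie (no valid Max-Age or Expires attribute)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    max_age = expires = None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key, value = key.strip().lower(), value.strip()
        try:
            if key == "max-age":
                max_age = timedelta(seconds=int(value))
            elif key == "expires":
                expires = parsedate_to_datetime(value) - now
        except (TypeError, ValueError, OverflowError):
            continue  # unparseable attribute value: ignore the attribute
    # When both attributes are present, Max-Age takes precedence over Expires.
    return name, max_age if max_age is not None else expires

def audit(headers, limit, now):
    """List (cookie name, lifetime in days) for cookies that outlive `limit`."""
    findings = []
    for header in headers:
        name, life = cookie_lifetime(header, now)
        if life is not None and life > limit:
            findings.append((name, life.days))
    return findings

# Constructed review date and sample headers (not taken from any real site).
NOW = datetime(2011, 1, 13, tzinfo=timezone.utc)
LIMIT = timedelta(days=730)  # assumed policy: roughly one device generation
SAMPLE = [
    "sid=abc123; Path=/; HttpOnly",                                 # session cookie
    "prefs=dark; Max-Age=2592000; Path=/",                          # 30 days
    "track=u-77; Expires=Sun, 13 Jan 2041 00:00:00 GMT; Path=/",    # 30 years
    "both=x; Expires=Sun, 13 Jan 2041 00:00:00 GMT; Max-Age=3600",  # Max-Age wins
]

if __name__ == "__main__":
    for name, days in audit(SAMPLE, LIMIT, NOW):
        print(f"{name}: persists {days} days, over the {LIMIT.days}-day limit")
```

Run against response headers captured from your own service, this gives a quick list of cookies whose persistence needs a justification tied to their purpose.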