Re: [privacydir] draft-ietf-httpstate-cookie (was Re: getting things started)

Sean Turner <turners@ieca.com> Thu, 13 January 2011 15:16 UTC

Message-ID: <4D2F17EC.2060706@ieca.com>
Date: Thu, 13 Jan 2011 10:19:08 -0500
From: Sean Turner <turners@ieca.com>
To: Alissa Cooper <acooper@cdt.org>
Cc: privacydir@ietf.org
Subject: Re: [privacydir] draft-ietf-httpstate-cookie (was Re: getting things started)

I'm perfectly happy having you send them directly to Adam.

spt

On 1/13/11 5:38 AM, Alissa Cooper wrote:
> Sean,
>
> I took a look at this draft (which I meant to do during IETF last call
> and unfortunately didn't get to) and both your and Tim's DISCUSSes. I
> think the privacy points that you raise are spot-on; I have just a
> couple of further thoughts:
>
> -- I think it makes sense to make some recommendation on limiting cookie
> lifetimes. One way to do it without picking a number would be to say
> that cookies should be set to expire when they are no longer needed by
> the server for the purpose for which they were set. That way a limit is
> recommended but it's still fungible. It might also make sense to
> recommend that cookie lifetimes be reasonable given the expected
> lifetime of browsers and devices (i.e., a 30-year lifetime makes no
> sense when people cycle through devices every year or couple of years).
>
> -- It's my understanding that most private browsing modes prevent
> third-party cookies from being read and treat all newly set cookies as
> session cookies (see http://cdt.org/files/pdfs/20101209_browser_rpt.pdf
> page 9). So I think this is actually covered by the text in 7.2.
>
> Does it make sense for you to convey these comments to Adam, or should I
> post them to the http-state list?
>
> Alissa
>
> On Jan 7, 2011, at 9:15 PM, Sean Turner wrote:
>
>> The two drafts below were on yesterday's IESG telechat.
>>
>> For the ipfix-anon draft, I submitted Nick's comments pretty much in
>> their entirety. I haven't heard from the authors. There's essentially
>> still time if somebody uncovers something horrible. The time frame for
>> anything on that draft is at best two weeks.
>>
>> For the cookie draft, time is short - actually technically it's over
>> because IETF LC ended a while ago. The author is very responsive too.
>> If you've got any comments I need them as soon as possible and
>> unfortunately there's no guarantee the author will incorporate them.
>>
>> This just goes to show we need a secretary to ride herd on us.
>>
>> spt
>>
>> On 1/6/11 1:58 PM, Deirdre Mulligan wrote:
>>> Hi Sean et al
>>> Can you tell me what the timeline is on the two below?
>>> I am happy to take on some of the evaluation work under 2 and will plan
>>> to work it into a lab class I am running this semester looking at policy
>>> implications of technical design.
>>>
>>> On topic 1, I would suggest that we think about other models--both
>>> decisional documents, expert committees, etc. -- in addition to the
>>> morris draft for iding and working through privacy issues in drafts.
>>>
>>> thanks and happy new year.
>>> cheers
>>> deirdre
>>>
>>> On 1/5/11 6:04 AM, Sean Turner wrote:
>>>> Everyone,
>>>>
>>>> Thanks for agreeing to be in this directorate. The purpose is twofold:
>>>>
>>>> 1. Provide a place to discuss the Privacy Considerations for Internet
>>>> Protocols draft
>>>> (https://datatracker.ietf.org/doc/draft-morris-privacy-considerations/)
>>>>
>>>> 2. Test out the recommendations in that draft by reviewing selected
>>>> drafts.
>>>>
>>>> Most that I talked to about this directorate liked the idea that it
>>>> would be modeled on the security directorate. To do that we'll need a
>>>> secretary to review the upcoming IESG telechat agenda
>>>> (https://datatracker.ietf.org/iesg/agenda/documents/), select drafts to
>>>> review, and assign drafts to reviewers. What that means is that we'll
>>>> actually need people to review drafts and send their comments to the
>>>> directorate. The workload will, I think, at most be one draft a month
>>>> per person. Now there are only 15 or so, but we've had 30 requests to
>>>> join the directorate. So, the workload could actually drop.
>>>>
>>>> I've gotten at least one recommendation for a secretary and Tim and I
>>>> will see if they'd be game. I suspect the assignment process will happen
>>>> by generating the list of directorate reviewers and then just working
>>>> through the list.
>>>>
>>>> Tim and I had picked out two drafts that seemed bang on appropriate for
>>>> the directorate to review:
>>>>
>>>> https://datatracker.ietf.org/doc/draft-ietf-httpstate-cookie/
>>>>
>>>> and
>>>>
>>>> https://datatracker.ietf.org/doc/draft-ietf-ipfix-anon/
>>>>
>>>> Tim and I both have some initial comments on the httpstate-cookie draft.
>>>> You can see them by clicking on the IESG evaluation tab in the
>>>> datatracker. If you think we've missed something please send email to
>>>> this list.
>>>>
>>>> Nick Mathewson provided Tim and me with some comments on the ipfix-anon
>>>> draft which I will forward shortly to the mailing list.
>>>>
>>>> Cheers,
>>>>
>>>> spt
>>>> _______________________________________________
>>>> privacydir mailing list
>>>> privacydir@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/privacydir
>>>