Re: [proxies] [IETF Proxy] Next Steps

[Alan DeKok <aland@nitros9.org>]

Stefan Winter wrote:
> So if a foreign eduroam user authenticates within Australia, the visited 
> domain needs to get information about the age of the user.

  IANAL, but there are adults who are not legally responsible for their
actions.  Requiring that the users be "legally responsible" may satisfy
the constraint, while exposing minimal information.

> Without proxies, 
> this would not be a problem: define a Vendor-Specific attribute and 
> communicate the value. With proxies, things are worse: the traffic will be 
> sent through intermediate proxy servers, which can then correlate the 
> information of the age to the user identity, and thus create personally 
> identifiable data sets.

  It gets worse than that.  How does one end express a query that the
other end can understand?  This involves defining a fairly complex
policy language.  So far, all attempts to define a usable policy
language have failed.

> Being an architect of our hierarchy myself, I might have blind spots. Anyway, 
> there is at least one identifiable threat in the above model:
> 
> - proxies can intercept data they are not entitled for and abuse it

  Yes.  Non-technical means exist to address this problem.

> - Severity: that depends heavily on one's personal view on privacy and 
> confidentiality of personal data and its weight in today's world. I don't 
> want to make a blanket statement here.

  The people I talk to indicate that they are more worried about users
abusing the system than insiders.

  e.g. wireless sniffers at a hotspot are a problem.  Malicious proxies
aren't.

  I do think we need a documentation explaining the possible
architectures, the threats, requirements, and judged risks.

  Alan DeKok.
_______________________________________________
Proxies mailing list
Proxies@ietf.org
https://www.ietf.org/mailman/listinfo/proxies