Re: Fwd: [irsg] IRTF Announcement: Starting up PEARG, to work on Privacy-Enhancing Technologies in IRTF
Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Fri, 06 July 2018 09:59 UTC
Return-Path: <mikkelfj@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81497130E7E for <quic@ietfa.amsl.com>; Fri, 6 Jul 2018 02:59:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fA24F94giEez for <quic@ietfa.amsl.com>; Fri, 6 Jul 2018 02:59:24 -0700 (PDT)
Received: from mail-it0-x236.google.com (mail-it0-x236.google.com [IPv6:2607:f8b0:4001:c0b::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 49DC6130E2D for <quic@ietf.org>; Fri, 6 Jul 2018 02:59:24 -0700 (PDT)
Received: by mail-it0-x236.google.com with SMTP id j185-v6so16045620ite.1 for <quic@ietf.org>; Fri, 06 Jul 2018 02:59:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to; bh=mghkWWA7WpAGLESpfoby2BoaP7SKJREe88wSXuSQu5s=; b=nwhamSi4js7ntLI4Z4K4JTxJkNb1mbfxRA6dHqSD2LEQ/18+APKE8IYfsJ48ttVBoO lzdJ+PY6Ruh1dm8rshEtZb8wFV71dUcQ+bm465gTlKei77pVe+52N15Hclj2gcHJmjMR 1XhB9s2lzFRoT2os97BT7F0aLgP9faCm/d1Mhbiucm3OHzU7mUocNjEEeL8/RpQPMOPN ANQCsc6EWWo2/NanetwiNq9vDVgCHfYNkUvn+vDdzp60zWxQSUdqMFY89Grr3GV5PLOm qbFB4MQpQvdw2XpCaJsQX80WnLD0x2Bwh5Vhq7h9F67HDZpUQqnvGJ6DzZsBaEuWHtbN ofpg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to; bh=mghkWWA7WpAGLESpfoby2BoaP7SKJREe88wSXuSQu5s=; b=hQmznObGBhIYrDXtBgxq4GpYrwFtaTZUqW5Ov66r6BUbbCUv93ryk8NKy5SCabzoft Ap98LBrGrE6uk+08dftYWad35qRKzBkqsmM5JiU0nvtQmsSuztSu7sNWAV63sFtVda5D 9+ZoeogvQuF5yaNDqpLyXEYBfLgE+Gx9xVoBysQXmDxeKSlhdOPUjF2UWKwJj433tdnV 4GMgKdh3CH+8JLzG8hvSu8y6Ir4DjOT3LLYrcr18YyHEn6tGIXp/HZDLdksdX8kwPCGH oqbwIffpNGsqWR9IW4ep4AJaRVw8+/hVyHrHgwAWJJ0FaZPduXgpDhTMB/aTXy++JWmo hNew==
X-Gm-Message-State: APt69E1hMuEGf0DmpUImDZfFHGPmdv9bxddHxFJDEabRJ80MMVe4EKlU iJDy3yqXwfKKAmi/PQmsn/SUoO/QVcZbKXjlDUZ/bA==
X-Google-Smtp-Source: AAOMgpc6UH9VC5zPnDJ0mFmXFefLskrWJdee/2RDHXuXBI13ujfMEVrFsDBTPe0Ydk28n+uq/4vCjATp1/A9sdm5KZU=
X-Received: by 2002:a02:9833:: with SMTP id t48-v6mr7793617jaj.111.1530871163333; Fri, 06 Jul 2018 02:59:23 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Fri, 6 Jul 2018 05:59:22 -0400
From: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
In-Reply-To: <730E056B-7A30-4940-9EA5-E0B4AB718A66@netapp.com>
References: <CAP8yD=tMi43MmiZw=+61YzvASkp7Ynzy=uETeVrFd1pT2bFg4g@mail.gmail.com> <730E056B-7A30-4940-9EA5-E0B4AB718A66@netapp.com>
X-Mailer: Airmail (420)
MIME-Version: 1.0
Date: Fri, 06 Jul 2018 05:59:22 -0400
Message-ID: <CAN1APddDcPbQ72=fu9ZgnJ2hzzVK0ddTch6SffetBRZOmqLh2A@mail.gmail.com>
Subject: Re: Fwd: [irsg] IRTF Announcement: Starting up PEARG, to work on Privacy-Enhancing Technologies in IRTF
To: IETF QUIC WG <quic@ietf.org>, "Eggert, Lars" <lars@netapp.com>
Content-Type: multipart/alternative; boundary="000000000000e331af057051b750"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/dv21fsfQ4yLUaL4S1tKiQnJqrHQ>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2018 09:59:28 -0000
I probably won’t join, but you could add 0-RTT tokens to that since the server can use it as a cookie. On 6 July 2018 at 09.03.54, Eggert, Lars (lars@netapp.com) wrote: Note the inclusion of some QUIC-related items on the list below. Lars Begin forwarded message: *From:* Allison Mankin <allison.mankin@gmail.com> *Subject:* *[irsg] IRTF Announcement: Starting up PEARG, to work on Privacy-Enhancing Technologies in IRTF* *Date:* July 5, 2018 at 21:05:52 GMT+2 *To:* irtf-announce@irtf.org, "Internet Research Steering Group ( irsg@irtf.org)" <irsg@irtf.org>, IRTF Discussion <irtf-discuss@irtf.org> Dear IRTF folks, Please see the note below. A side meeting will take place to get feedback and move towards organizing PEARG (Privacy Enhancements and Assessment (Proposed) RG. Please join the pearg mailing list if you are interested in participating. Meeting info will also be sent on lists addressed here. You may receive this multiple times, so thanks for your patience! To subscribe: https://www.irtf.org/mailman/listinfo/pearg See you in Montreal! Allison IRTF Chair ---------- Forwarded message ---------- From: Sara Dickinson <sara@sinodun.com> Date: 5 July 2018 at 12:51 Subject: [Pearg] Welcome to the Privacy Enhancements and Assessment Proposed RG mailing list! To: pearg@irtf.org Dear All, We would like to announce the first meeting (a side meeting) of the Privacy Enhancements and Assessment (PEA) Proposed RG to be held at IETF 102 in Montreal. We are waiting confirmation of our time slot, we have requested 18:40 on Tuesday 17th July and will post to this list as soon as we have more details. The chairs for this Proposed RG are: Sara Dickinson (sara@sinodun.com) and Shivan Sahib (ssahib@salesforce.com) This side meeting is planned as an informal discussion for parties interested in participating in the Proposed RG. There will be an overview of the proposed charter (see below) and we would like to solicit feedback on the charter and also possible future work in the group. As food for thought we believe that there are several ongoing privacy-relevant efforts and discussions in various IETF and IRTF groups that would benefit from a dedicated group for analysis, including: - [QUIC] Privacy leaks via passive network management via the proposed QUIC spin bit. - [QUIC] Connection migration and multipath privacy properties of exposed packet header information. - [DoH] Privacy implications for various use cases and for server operators. - [DRUI (BoF)] Privacy implications of DNS resolver discovery mechanisms. - [DNSSD] Private service discovery threat model formulation and solution analysis. - [DPRIVE] BCP for operators of DNS privacy services. Padding profile analysis. - [ICNRG] Privacy implications of unencrypted content requests (interests). - [TRANS] Privacy implications of certificate transparency gossiping. - [RTCWEB] Privacy issues around exposing private IP addresses in WebRTC Equally important, there is active research being conducted in the academic and open source communities around privacy preserving techniques that the IETF and IRTF could benefit from adopting. We’ll also discuss scheduling future meetings, including possible co-location with events other than the IETF. Best regards Sara & Shivan # Draft Charter ## Background Privacy is an increasingly desirable and often necessary property for Internet technologies. Evidence suggests that attacks on societal, community, and individual privacy occur with non-negligible frequency, as discussed in detail in RFC 7258 and in protocol-specific documents such as RFC 7626. Pervasive monitoring [RFC 7258], is a well known attack on privacy at incredible scale. The IETF and IAB responses to such attacks is to push for widespread end-to-end encryption. Understanding attacks on privacy and the costs of addressing them is critical for ensuring the longevity, usability, and viability of Internet technologies. Alongside such work the emergence of global and region-specific legislation in this area e.g. GDPR provides further motivation for enhancing available privacy techniques (beyond end-to-end encryption), advancing the state-of-the-art for privacy in protocols, and for assessing privacy of existing protocols. ## Objectives The Privacy Enhancements and Assessments Research Group (PEARG) is a general forum for discussing and reviewing privacy enhancing technologies for network protocols and distributed systems in general, and for the IETF in particular. The PEARG serves as a bridge between theory and practice, bringing new privacy-enhancing technologies to the Internet community and promoting an understanding of the use and applicability of these mechanisms via Informational RFCs (in the tradition of HMAC [RFC 2104]). Our goal is to provide a forum for discussion and analyzing the cryptographic and practical aspects of privacy protocols, and to offer guidance on the use of emerging techniques and new uses of existing ones. IETF working groups developing protocols that include privacy technology elements are welcome to bring questions concerning the protocols to the PEARG for advice. The Assessments objective of PEARG will include partaking in the following tasks: 1) Reviewing privacy properties (informed by but not limited to the analysis in RFC6973) of existing and emerging IETF protocols, 2) Developing specifications in the tradition of RFC 6973 that offer guidance for protocol design and development and advice on privacy-enhancement. This work will involve outreach to ensure close cooperation with similar and related efforts in IETF. ## Meetings The PEARG will meet two to three times per year, as deemed necessary by the chairs and according to demand. At least one PEARG meeting will be co-located with an IETF meeting per year. The PEARG will also meet collocated with relevant academic conferences, such as the Privacy Enhancing Technologies Symposium (PETS), yearly if possible. Participation is open to all. Meetings are by default open with open attendance and published proceedings, with remote participation and recording as provided by the meeting venue, according to the IRTF’s IPR policy. The chairs may at times appoint at their pleasure “closed” design teams with lesser reporting requirements (though results will be open). This will allow for some limited discussions in which participants require extra privacy. This does not relax the Note Well: for all activities of the RG, as for all other activities of IRTF, the Note Well applies [ https://www.ietf.org/about/note-well/]. ## Collaborations PEARG will actively engage with academic and open source (e.g. Tor project, EFF, OTF) communities and encourage specification of key privacy-enhancing technologies in Informational or Experimental RFCs. Example current emerging technologies where interest is solicited include: 1. Differential privacy techniques applied to networked and distributed systems 2. Anti-fingerprinting techniques 3. Potential uses of MPC for privacy PEARG is related to security and cryptographic protocols in the IETF and IRTF. Among the IETF working groups, PEARG will collaborate to ensure and encourage collaboration so that desirable privacy properties are upheld for the Internet community. PEARG will also collaborate with the CFRG to ensure cryptographic techniques and algorithms are used appropriately for their intended purpose. -- Pearg mailing list Pearg@irtf.org https://www.irtf.org/mailman/listinfo/pearg
- Re: Fwd: [irsg] IRTF Announcement: Starting up PE… Mikkel Fahnøe Jørgensen
- Fwd: [irsg] IRTF Announcement: Starting up PEARG,… Eggert, Lars