Re: [regext] Ideas to address the privacy implication of reverse search draft

Mario Loffredo <mario.loffredo@iit.cnr.it> Fri, 04 December 2020 09:27 UTC

Hi Ali,

thanks a lot for your interest.

Obviously, I'm willing to collaborate with anyone who plans to implement 
the reverse-search capability and I'm open to any idea that can 
contribute to making the proposal more comprehensive.

I'm also available to give my humble contribution to harmonize the 
reverse-search specification with the concepts described in the hrpc draft.

That being said, if I interpreted your idea correctly, you are proposing 
an operation model where the capability is open to everyone but the 
access to possible sensitive response data is reserved only to 
authenticated users, right?

If so, I have a couple of comments:

- The RDAP servers are already engaged in tailoring their responses on 
different user profiles due to GDPR. Sensitive data redaction is usually 
achieved through a combination of practices like not returning optional 
sensitive data, replacing the value of mandatory sensitive data (like 
jCard "fn" for individuals), publishing only those sensitive data which 
the owner has previously given the explicit consent for. So which 
additional issues should your proposal address?

- In the case of a reverse-search, what must be allowed to authenticated 
users is not the access to the data returned by the capability but 
rather the capability itself. Of course, the reverse search is not the 
only query capability that can be controlled. For example, at .it we 
don't permit everyone to submit a generic search query. This can be 
done either through the well-known HTTP authentication methods as 
described in RFC7480 or by applying a federated authentication to RDAP 
as defined by Scott's rdap-openid extension. To make an ad-hoc access 
control easy to implement, the reverse-search draft introduces the 
specific "/reverse" path and lets servers further regulate the access 
on a per-entity-role basis.

Definitively, maybe I'm missing something but do we really need anything 
other than what already exists?

Best,

Mario


On 04/12/2020 01:47, Ali Hussain wrote:
> Hi All,
>
> It was interesting to see the interest during REGEXT IETF 109 
> meeting call to address the privacy aspects of draft 
> (draft-ietf-regext-rdap-reverse-search).
> So far my idea to improve the reverse search is to first make the JSON 
> object for the required level of privacy critical data. Based on the 
> tag the partial response suppresses the privacy part of responses by 
> encoding and in order to decode it, it must present an identity to 
> federated access control.
> I am also reviewing the hrpc draft to bring some valuable input from 
> their guidance.
> Please let me know what you think and is anyone else interested to 
> work on this?
> Thanks,
> Regards,
> Ali Hussain

-- 
Dr. Mario Loffredo
Technological Unit “Digital Innovation”
Institute of Informatics and Telematics (IIT)
National Research Council (CNR)
via G. Moruzzi 1, I-56124 PISA, Italy
Phone: +39.0503153497
Web: http://www.iit.cnr.it/mario.loffredo
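
Added example, not part of the original message and not code from the draft or from any registry: a sketch of the two controls the reply describes, gating the reverse-search capability itself per entity role and redacting jCard data by consent. The path layout "/domains/reverse/<role>", the profile names, the policy table, the set of sensitive properties and the "REDACTED" placeholder are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical policy: profiles allowed to reverse-search on each entity role.
# A role that is not listed is denied to everyone (default deny).
REVERSE_POLICY = {
    "registrant": {"registry-staff", "law-enforcement"},
    "technical": {"registry-staff", "law-enforcement", "registrar"},
}

# Assumed set of optional properties treated as sensitive.
SENSITIVE_OPTIONAL = {"email", "tel", "adr"}


def authorize(path, profile):
    """Return the HTTP status for a request path and the caller's
    authenticated profile (None means anonymous)."""
    segments = [s for s in urlsplit(path).path.split("/") if s]
    if segments[:2] != ["domains", "reverse"]:
        return 200  # not a reverse search; other rules are not modelled here
    if profile is None:
        return 401  # the capability itself requires authentication
    role = segments[2] if len(segments) > 2 else None
    if profile in REVERSE_POLICY.get(role, set()):
        return 200
    return 403  # authenticated, but not allowed for this entity role


def redact_jcard(jcard, consented=frozenset()):
    """Return a copy of a jCard with sensitive data redacted unless the
    owner consented to publishing that property."""
    out = []
    for prop in jcard[1]:
        name = prop[0]
        if name in consented:
            out.append(list(prop))  # explicit consent: publish as is
        elif name == "fn":
            # Mandatory property: keep it, replace the value.
            out.append(["fn", {}, "text", "REDACTED"])
        elif name not in SENSITIVE_OPTIONAL:
            out.append(list(prop))
        # Optional sensitive properties without consent are not returned.
    return ["vcard", out]
```
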