[regext] Fwd: Ideas to address the privacy implication of reverse search draft
Mario Loffredo <mario.loffredo@iit.cnr.it> Wed, 23 December 2020 12:43 UTC
Return-Path: <mario.loffredo@iit.cnr.it>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5F0A3A0F44 for <regext@ietfa.amsl.com>; Wed, 23 Dec 2020 04:43:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JzHe681S_SI6 for <regext@ietfa.amsl.com>; Wed, 23 Dec 2020 04:43:22 -0800 (PST)
Received: from smtp.iit.cnr.it (mx5.iit.cnr.it [146.48.98.152]) by ietfa.amsl.com (Postfix) with ESMTP id 4C8203A0FAF for <regext@ietf.org>; Wed, 23 Dec 2020 04:43:22 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by smtp.iit.cnr.it (Postfix) with ESMTP id 96B1EC04EC for <regext@ietf.org>; Wed, 23 Dec 2020 13:43:21 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at mx5.iit.cnr.it
Received: from smtp.iit.cnr.it ([127.0.0.1]) by localhost (mx5.iit.cnr.it [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ilxFHz_FMCKS for <regext@ietf.org>; Wed, 23 Dec 2020 13:43:18 +0100 (CET)
Received: from [192.12.193.108] (pc-loffredo.nic.it [192.12.193.108]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by smtp.iit.cnr.it (Postfix) with ESMTPSA id E05AFC03DB for <regext@ietf.org>; Wed, 23 Dec 2020 13:43:17 +0100 (CET)
References: <78728597-feec-4665-046e-bd90c3b62f70@iit.cnr.it>
To: "regext@ietf.org" <regext@ietf.org>
From: Mario Loffredo <mario.loffredo@iit.cnr.it>
X-Forwarded-Message-Id: <78728597-feec-4665-046e-bd90c3b62f70@iit.cnr.it>
Message-ID: <56e02a3d-2a7f-4768-c35f-8a090e88d945@iit.cnr.it>
Date: Wed, 23 Dec 2020 13:43:17 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <78728597-feec-4665-046e-bd90c3b62f70@iit.cnr.it>
Content-Type: multipart/alternative; boundary="------------2B564493223C58FCFBFCF1DE"
Content-Language: it
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/PfSKE_mpcZbalHxNpRjsOE6mgq8>
Subject: [regext] Fwd: Ideas to address the privacy implication of reverse search draft
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Dec 2020 12:43:26 -0000
Hi Ali, Il 23/12/2020 00:24, Ali Hussain ha scritto: > Hi Dr. Mario, > > Hope you are fine. > > Another area i would like to touch is to limit the server ability to > do user profiling. This could be a simple mechanism using HTTP secure > header enforcement and users identity proof generation and refreshing. Sorry but I don't understand what you mean with the term "user profiling". If "user profiling" is the commonly known term to identify a process a service can implement to gain knowledge about its users' interests, opinions and other characters, my thought is that this topic is out of both the reverse search and, more generally, the RDAP context for the following reasons: 1. the well known privacy concerns about reverse search regard the information about individuals in WHOIS/RDAP responses rather than the possible individuals sending requests; 2. supposing that RDAP users might run some risk to be profiled by RDAP servers (thing that seems quite unlikely according to my personal experience), such a threat would not be specific for reverse searches but, in general, for every RDAP query; 3. I interpret your proposal as a general approach to a problem that might involve a generic REST service instead of an RDAP server. If so, the most suitable forum for discussion would be the new HTTPAPI WG. Conversely, it makes more sense to me that clients can use the content of reverse search responses to profile individuals. For example, clients could gain knowledge about registrants by classifying the names of their own domains. However, the mechanisms to mitigate this risk have already been presented in reverse-search draft (e.g. allowing only to authenticated/legitimated users to request a reverse search) Best, Mario > > Please share your thought about it. > > Looking forward work with you to address these issue and > possible start written an publishing the draft spoon before upcoming > IETF110. > > Thanks, > > Regards, > Ali Hussain > > On Mon, Dec 21, 2020 at 10:33 PM Ali Hussain > <ali.hussain@siswa.um.edu.my <mailto:ali.hussain@siswa.um.edu.my>> wrote: > > Hi Dr. Mario, > > Apologies for replying too late. > > First of all thanks for your detailed comments about the proposed > tentative iea to make reverse search more > privacy complaints keeping hrpc guidelines as reference. > > One possible new work in giving better privacy to reverse search > would be to have privacy by design implementation in addition to > federated access using HTTP and limiting the response. The > proposed mechanism may use an integrity protection mechanism HMAC > or standard authorization mechnaum like JSON web token to bring in > additional data confidentiality and privacy benefits. This way we > would be able to easily define the custom access control policies. > > What do you think about it.? > > Thanks, > > Regards, > Ali Hussain > > > On Fri, Dec 4, 2020 at 1:27 AM Mario Loffredo > <mario.loffredo@iit.cnr.it <mailto:mario.loffredo@iit.cnr.it>> wrote: > > Hi Ali, > > thanks a lot for your interest. > > Obviously, I'm willing to collaborate with anyone who plans to > implement the reverse-search capability and I'm open to any > idea that can contribute to make the proposal more comprehensive. > > I'm also available to give my humble contribution to harmonize > the reverse-search specification with the concepts described > in the hrpc draft. > > That being said, if I interpreted your idea correctly, you are > proposing an operation model where the capability is open to > everyone but the access to possible sensitive response data > are reserved only to authenticated users, right? > > If so, I have a couple of comments: > > - The RDAP servers are already engaged in tailoring their > responses on different user profiles due to GDPR. Sensitive > data redaction is usually achieved through a combination of > practices like not returning optional sensitive data, > replacing the value of mandatory sensitive data (like jCard > "fn" for individuals), publishing only those sensitive data > which the owner has previously given the explicit consent for. > So which additional issues should your proposal address? > > - In the case of a reverse-search, what must be allowed to > authenticated users is not the access to the data returned by > the capability but rather the capability itself. Of course, > the reverse search is not the only query capability that can > be controlled. For example, at .it we don't permit everyone to > submit a generic search query. This can be done either > through the well-known HTTP authentication methods as > described in RFC7480 or by applying a federated authentication > to RDAP as defined by Scott's rdap-openid extension. To make > an ad-hoc access control easy to implement, the reverse-search > draft introduces the specific "/reverse" path and lets servers > furtherly regulate the access on a per-entiy-role basis. > > Definitively, maybe I'm missing something but do we really > need anything other than what already exists? > > Best, > > Mario > > > Il 04/12/2020 01:47, Ali Hussain ha scritto: >> Hi All, >> >> It wa interesting to see the interest during REGEXT IETF 109 >> meeting call to address the the privacy aspects of draft >> (draft-ietf-regext-rdap-reverse-search). >> So far my idea to improve the reverse search to first make >> the JSON object for the required level of privacy critical >> data. Based on the tag the partial response suppresses the >> privacy part of responses by encoding and in order to decode >> it, it must present an identity to federated access control. >> I am also reviewing the hrpc draft to bring some valuable >> input form their guidance. >> Please let me know what you think and is anyone else >> interested to work on this? >> Thanks, >> Regards, >> Ali Hussain >> >> _______________________________________________ >> regext mailing list >> regext@ietf.org <mailto:regext@ietf.org> >> https://www.ietf.org/mailman/listinfo/regext <https://www.ietf.org/mailman/listinfo/regext> > > -- > Dr. Mario Loffredo > Technological Unit “Digital Innovation” > Institute of Informatics and Telematics (IIT) > National Research Council (CNR) > via G. Moruzzi 1, I-56124 PISA, Italy > Phone: +39.0503153497 > Web:http://www.iit.cnr.it/mario.loffredo <http://www.iit.cnr.it/mario.loffredo> > -- Dr. Mario Loffredo Technological Unit “Digital Innovation” Institute of Informatics and Telematics (IIT) National Research Council (CNR) via G. Moruzzi 1, I-56124 PISA, Italy Phone: +39.0503153497 Web:http://www.iit.cnr.it/mario.loffredo
- [regext] Ideas to address the privacy implication… Ali Hussain
- Re: [regext] Ideas to address the privacy implica… Mario Loffredo
- [regext] Fwd: Ideas to address the privacy implic… Mario Loffredo
- [regext] Fwd: Ideas to address the privacy implic… Mario Loffredo