Re: [sacm] [draft-ietf-sacm-requirements] Do we need a privacy section (#55)
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Fri, 07 August 2015 15:35 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 411321A9170 for <sacm@ietfa.amsl.com>; Fri, 7 Aug 2015 08:35:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.99
X-Spam-Level:
X-Spam-Status: No, score=-0.99 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2rY6MhxjEg56 for <sacm@ietfa.amsl.com>; Fri, 7 Aug 2015 08:35:09 -0700 (PDT)
Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D56D1A90E1 for <sacm@ietf.org>; Fri, 7 Aug 2015 08:35:09 -0700 (PDT)
Received: by wicne3 with SMTP id ne3so64727132wic.1 for <sacm@ietf.org>; Fri, 07 Aug 2015 08:35:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=/gIf++Kym6OgCVLpgwIi+K6Oe87mWarLUMIrJk6CPIw=; b=Vq/F+V/J7JoRZxRwTB4T2PM6mILjZL3wgUQ/OEi4PYMzNxPaOCN5/4XyHvQVP1aK8Q A7G+DHnWiENnGWKHkdLLrNJ7G5OtP7y0SIHnwRxWU1OuRcfBPpejMPi89Sse2Foj6Kln qSwy/M/5U14Zt60buxS44wimUVe9zYwCt/sf4dWURX8EjQjZmVmhQwSkUjFoX/B52Bap U3X/Hqp5R81S0Og4HMqCuIgTEAU54AMpFwDTRc5X1I1BUaEzTOjTlzLrAXEJY0D6UqUn Rm/CHWsinKN3FzGQSJrjam9Ggty9n0DCXZTXv5FTzhpSxkdv+CZ4uHgKDMX1x8csXh/N y+lQ==
MIME-Version: 1.0
X-Received: by 10.180.106.5 with SMTP id gq5mr7896859wib.61.1438961707679; Fri, 07 Aug 2015 08:35:07 -0700 (PDT)
Received: by 10.28.0.67 with HTTP; Fri, 7 Aug 2015 08:35:07 -0700 (PDT)
In-Reply-To: <CAN40gSvf+9jA=kC0Epzd=zUrqX5Qcoq8ry7-wvwgcK5cpt7ybg@mail.gmail.com>
References: <sacmwg/draft-ietf-sacm-requirements/issues/55@github.com> <sacmwg/draft-ietf-sacm-requirements/issues/55/128680469@github.com> <55C4BA28.2010006@nasa.gov> <CAN40gSvf+9jA=kC0Epzd=zUrqX5Qcoq8ry7-wvwgcK5cpt7ybg@mail.gmail.com>
Date: Fri, 07 Aug 2015 11:35:07 -0400
Message-ID: <CAHbuEH7QhSCLBrRAiW0Qmg_9rKmFnQ9JM5N1fH5YvK779Vb-yg@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Ira McDonald <blueroofmusic@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/sacm/7NHCwNaDxXQUiXdUTXNf1TNWxvY>
Cc: sacmwg/draft-ietf-sacm-requirements <draft-ietf-sacm-requirements@noreply.github.com>, sacmwg/draft-ietf-sacm-requirements <reply+00a6c4d1129080622850c5e27de14219f5265ff1c931c67092cf0000000111dc5ac392a169ce05cd0b75@reply.github.com>, sacm <sacm@ietf.org>, Ron.Colvin@nasa.gov
Subject: Re: [sacm] [draft-ietf-sacm-requirements] Do we need a privacy section (#55)
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Aug 2015 15:35:11 -0000
Hello,
This is a good discussion and it seems that it is getting to the right
set of points, that we do need to worry about index data and ways to
correlate information back to systems and possibly to users of those
systems or whose data crosses those systems.
Jim is right on the PM angle, but you can phrase this lots of ways.
In terms of privacy, we worry about indexes, anything considered
sensitive that requires confidentiality related to privacy, and PII.
There are lots of ways to handle this and that will be up to the WG to
decide how to provide such guidance. We do have materials to help you
from the view of developing protocols.
Here are some links from a slide I've been using in presentations
(please do read the RFC listed, it's very helpful):
IETF Privacy Considerations for Internet protocols
–https://datatracker.ietf.org/doc/rfc6973/
–Data protection
▪Object level encryption
▪Determining when data is not necessary
▪Obscuring data or generalizing when possible
▪Protections on sensitive data and indexes to that data
–Push for encrypted traffic
IAB Statement on Internet Confidentiality
–https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/
Pervasive Monitoring is an Attack
–RFC7258/BCP188 published after major IETF LC debate – sets the
basis for further actions
–https://www.rfc-editor.org/rfc/rfc7258.txt
In case you missed the tech plenary for IETF88 and you prefer video
over reading (or in addition), this was a great plenary that gives
background into these considerations for the IETF:
http://www.ietf.org/live/ietf88/text.html
Unofficial stuff:
Blog from Snowden Q&A in Prague:
https://www.mnot.net/blog/2015/07/20/snowden_meets_the_ietf
If you missed the Snowden Q&A on Sunday of Prague, here is a link:
https://www.youtube.com/watch?feature=youtu.be&v=0NvsUXBCeVA&app=desktop
We are also working with the IEEE on their privacy work. This
includes work to ensure MAC addresses can't be used to identify hosts
(and thus users of the hosts).
Thanks,
Kathleen
On Fri, Aug 7, 2015 at 10:51 AM, Ira McDonald <blueroofmusic@gmail.com> wrote:
> Hi,
>
> When an enterprise network is breached by an outside attacker (using "if"
> no longer seems appropriate) or is compromised by an inside attacker, the
> SACM components that have datastores of devices and associated identity
> info as well as (often) associated user identities are high-value targets of
> attacks for bulk theft of PII.
>
> By its fundamental nature, SACM increases the threat of exposure of PII
> and therefore should address anonymization of individual device identity
> info and strong controls on the dissemination of that info to subscribers.
>
> Cheers,
> - Ira
>
>
> Ira McDonald (Musician / Software Architect)
> Co-Chair - TCG Trusted Mobility Solutions WG
> Chair - Linux Foundation Open Printing WG
> Secretary - IEEE-ISTO Printer Working Group
> Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
> IETF Designated Expert - IPP & Printer MIB
> Blue Roof Music / High North Inc
> http://sites.google.com/site/blueroofmusic
> http://sites.google.com/site/highnorthinc
> mailto: blueroofmusic@gmail.com
> Winter 579 Park Place Saline, MI 48176 734-944-0094
> Summer PO Box 221 Grand Marais, MI 49839 906-494-2434
>
>
> On Fri, Aug 7, 2015 at 10:01 AM, Ron Colvin <Ron.Colvin@nasa.gov> wrote:
>>
>> My understanding on PII is that as soon as I associate a person with an
>> email address, phone number or physical address I have PII that I need to
>> protect. If we associate a user id, account or user provisioned PKI with a
>> device including possibly a MAC address we probably have the same concerns.
>>
>> I think in many cases user certificates are used for device authentication
>> and I thought that was an attribute that was highly desirable.
>>
>>
>> On 8/7/15 7:38 AM, adammontville wrote:
>>
>> I agree that privacy needs to be covered.
>>
>> Still, when we talk about identity or identification in this working
>> group, we're talking about something different than PII data. As such,
>> there's this other issue for the information model
>> sacmwg/draft-ietf-sacm-information-model#21, which is seeking to get
>> feedback on what a useful term other than identity might be. The present
>> candidate seems to be designate. So, instead of "identify an endpoint" we
>> would "designate an endpoint" or "collect AVPs from the designated set of
>> endpoints".
>>
>> I also wouldn't go so far as to say that we're performing pervasive
>> monitoring in the sense that mainstream media understands the term. Our
>> scope has always been single-enterprise, and it remains that way.
>>
>> Again, privacy is important, but I don't think we're talking about PII as
>> much as might be implied by our choice of terms.
>>
>> —
>> Reply to this email directly or view it on GitHub.
>>
>>
>>
>> _______________________________________________
>> sacm mailing list
>> sacm@ietf.org
>> https://www.ietf.org/mailman/listinfo/sacm
>>
>>
>> --
>>
>>
>> ********************************************************
>> Ron Colvin CISSP, CAP, CEH
>> Certified Security Analyst
>> NASA - Goddard Space Flight Center
>> <ron.colvin@nasa.gov>
>> Direct phone 301-286-2451
>> NASA Jabber (rdcolvin@im.nasa.gov) AIM rcolvin13
>> NASA LCS (ronald.d.colvin@nasa.gov)
>> ********************************************************
>>
>>
>> _______________________________________________
>> sacm mailing list
>> sacm@ietf.org
>> https://www.ietf.org/mailman/listinfo/sacm
>>
>
>
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
> https://www.ietf.org/mailman/listinfo/sacm
>
--
Best regards,
Kathleen
- [sacm] [draft-ietf-sacm-requirements] Do we need … Jim Schaad
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… adammontville
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… Ron Colvin
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… Ira McDonald
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… Kathleen Moriarty
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… Lisa Lorenzin
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… Kathleen Moriarty
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… Jim Schaad
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… Kathleen Moriarty
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… llorenzin
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… dromasca