Re: [sacm] [draft-ietf-sacm-requirements] Do we need a privacy section (#55)

Lisa Lorenzin <llorenzin@pulsesecure.net> Fri, 07 August 2015 16:15 UTC

From: Lisa Lorenzin <llorenzin@pulsesecure.net>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Ira McDonald <blueroofmusic@gmail.com>

Hi all,

I completely agree that our privacy considerations need to explicitly call out these issues and provide guidance that this information needs to be protected as any other PII would be protected.  

Rather than SACM getting into the details of what comprises that protection, I'd rather see us refer out to the work that's already been done by many other groups in characterizing that protection - such as the two Kathleen mentions here, RFC6973 (great resource, thank you!) and the IAB statement, and possibly resources from other standards bodies such as the NIST guide to protecting PII (http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf - see http://csrc.nist.gov/publications/nistbul/april-2010_guide-protecting-pii.pdf for a summary).  No point in re-inventing the wheel when we can point to someone else's wheel instead. :)

Regards,
Lisa

-----Original Message-----
From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Kathleen Moriarty
Sent: Friday, August 07, 2015 11:35 AM
To: Ira McDonald <blueroofmusic@gmail.com>
Cc: sacmwg/draft-ietf-sacm-requirements <draft-ietf-sacm-requirements@noreply.github.com>; sacmwg/draft-ietf-sacm-requirements <reply+00a6c4d1129080622850c5e27de14219f5265ff1c931c67092cf0000000111dc5ac392a169ce05cd0b75@reply.github.com>; sacm <sacm@ietf.org>; Ron.Colvin@nasa.gov
Subject: Re: [sacm] [draft-ietf-sacm-requirements] Do we need a privacy section (#55)

Hello,

This is a good discussion and it seems that it is getting to the right set of points, that we do need to worry about index data and ways to correlate information back to systems and possibly to users of those systems or whose data crosses those systems.

Jim is right on the PM angle, but you can phrase this lots of ways.
In terms of privacy, we worry about indexes, anything considered sensitive that requires confidentiality related to privacy, and PII.
There are lots of ways to handle this and that will be up to the WG to decide how to provide such guidance.  We do have materials to help you from the view of developing protocols.

Here are some links from a slide I've been using in presentations (please do read the RFC listed, it's very helpful):
• IETF Privacy Considerations for Internet protocols
  –https://datatracker.ietf.org/doc/rfc6973/
  –Data protection
     ▪Object level encryption
     ▪Determining when data is not necessary
     ▪Obscuring data or generalizing when possible
     ▪Protections on sensitive data and indexes to that data
  –Push for encrypted traffic
• IAB Statement on Internet Confidentiality
  –https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/

Pervasive Monitoring is an Attack
  –RFC7258/BCP188 published after major IETF LC debate – sets the basis for further actions
  –https://www.rfc-editor.org/rfc/rfc7258.txt

In case you missed the tech plenary for IETF88 and you prefer video over reading (or in addition), this was a great plenary that gives background into these considerations for the IETF:
http://www.ietf.org/live/ietf88/text.html

Unofficial stuff:
Blog from Snowden Q&A in Prague:
https://www.mnot.net/blog/2015/07/20/snowden_meets_the_ietf

If you missed the Snowden Q&A on Sunday of Prague, here is a link:
https://www.youtube.com/watch?feature=youtu.be&v=0NvsUXBCeVA&app=desktop


We are also working with the IEEE on their privacy work.  This includes work to ensure MAC addresses can't be used to identify hosts (and thus users of the hosts).

Thanks,
Kathleen

On Fri, Aug 7, 2015 at 10:51 AM, Ira McDonald <blueroofmusic@gmail.com> wrote:
> Hi,
>
> When an enterprise network is breached by an outside attacker (using "if"
> no longer seems appropriate) or is compromised by an inside attacker, 
> the SACM components that have datastores of devices and associated 
> identity info as well as (often) associated user identities are 
> high-value targets of attacks for bulk theft of PII.
>
> By its fundamental nature, SACM increases the threat of exposure of 
> PII and therefore should address anonymization of individual device 
> identity info and strong controls on the dissemination of that info to subscribers.
>
> Cheers,
> - Ira
>
>
> Ira McDonald (Musician / Software Architect) Co-Chair - TCG Trusted 
> Mobility Solutions WG Chair - Linux Foundation Open Printing WG 
> Secretary - IEEE-ISTO Printer Working Group Co-Chair - IEEE-ISTO PWG 
> Internet Printing Protocol WG IETF Designated Expert - IPP & Printer 
> MIB Blue Roof Music / High North Inc 
> http://sites.google.com/site/blueroofmusic
> http://sites.google.com/site/highnorthinc
> mailto: blueroofmusic@gmail.com
> Winter  579 Park Place  Saline, MI  48176  734-944-0094 Summer  PO Box 
> 221  Grand Marais, MI 49839  906-494-2434
>
>
> On Fri, Aug 7, 2015 at 10:01 AM, Ron Colvin <Ron.Colvin@nasa.gov> wrote:
>>
>> My understanding on PII is that as soon as I associate a person with 
>> an email address, phone number or physical address I have PII that I 
>> need to protect. If we associate a user id, account or user 
>> provisioned PKI with a device including possibly a MAC address we probably have the same concerns.
>>
>> I think in many cases user certificates are used for device 
>> authentication and I thought that was an attribute that was highly desirable.
>>
>>
>> On 8/7/15 7:38 AM, adammontville wrote:
>>
>> I agree that privacy needs to be covered.
>>
>> Still, when we talk about identity or identification in this working 
>> group, we're talking about something different than PII data. As 
>> such, there's this other issue for the information model 
>> sacmwg/draft-ietf-sacm-information-model#21, which is seeking to get 
>> feedback on what a useful term other than identity might be. The 
>> present candidate seems to be designate. So, instead of "identify an 
>> endpoint" we would "designate an endpoint" or "collect AVPs from the 
>> designated set of endpoints".
>>
>> I also wouldn't go so far as to say that we're performing pervasive 
>> monitoring in the sense that mainstream media understands the term. 
>> Our scope has always been single-enterprise, and it remains that way.
>>
>> Again, privacy is important, but I don't think we're talking about 
>> PII as much as might be implied by our choice of terms.
>>
>>
>>
>>
>> _______________________________________________
>> sacm mailing list
>> sacm@ietf.org
>> https://www.ietf.org/mailman/listinfo/sacm
>>
>>
>> --
>>
>>
>> ********************************************************
>> Ron Colvin CISSP, CAP, CEH
>> Certified Security Analyst
>> NASA - Goddard Space Flight Center
>> <ron.colvin@nasa.gov>
>> Direct phone 301-286-2451
>> NASA Jabber (rdcolvin@im.nasa.gov) AIM rcolvin13 NASA LCS 
>> (ronald.d.colvin@nasa.gov)
>> ********************************************************
>>
>>
>>
>
>
>



-- 

Best regards,
Kathleen
