Re: [sacm] [draft-ietf-sacm-requirements] Do we need a privacy section (#55)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Fri, 07 August 2015 18:10 UTC

From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Lisa Lorenzin <llorenzin@pulsesecure.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/sacm/RR2sFKQPwEp766DR9UpM5BovPUA>
Cc: sacmwg/draft-ietf-sacm-requirements <draft-ietf-sacm-requirements@noreply.github.com>, sacmwg/draft-ietf-sacm-requirements <reply+00a6c4d1129080622850c5e27de14219f5265ff1c931c67092cf0000000111dc5ac392a169ce05cd0b75@reply.github.com>, Ira McDonald <blueroofmusic@gmail.com>, sacm <sacm@ietf.org>, "Ron.Colvin@nasa.gov" <Ron.Colvin@nasa.gov>

Good discussion and just a note in an effort to help make this easier
for you all.  If you call out any data used as an index or sensitive
data, then offer options for protection (could be leaving that data
out or using role names instead of specific users for instance) and
discuss the need for confidentiality and privacy protections, that
should be enough for the draft.  There may be other considerations
outside of data model elements, so reading the referenced RFCs would
be good as the IETF's use of the word privacy is broader than that of
enterprises.  For SACM, a service provider environment might also be
considered in scope as an "enterprise".

I'll look for this section when doing an AD review and should catch
most things that would come up in the IESG review to help correct them
before it goes on for the following review phase as well.

Thanks,
Kathleen

On Fri, Aug 7, 2015 at 12:14 PM, Lisa Lorenzin
<llorenzin@pulsesecure.net> wrote:
> Hi all,
>
> I completely agree that our privacy considerations need to explicitly call out these issues and provide guidance that this information needs to be protected as any other PII would be protected.
>
> Rather than SACM getting into the details of what comprises that protection, I'd rather see us refer out to the work that's already been done by many other groups in characterizing that protection - such as the two Kathleen mentions here, RFC6973 (great resource, thank you!) and the IAB statement, and possibly resources from other standards bodies such as the NIST guide to protecting PII (http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf - see http://csrc.nist.gov/publications/nistbul/april-2010_guide-protecting-pii.pdf for a summary).  No point in re-inventing the wheel when we can point to someone else's wheel instead. :)
>
> Regards,
> Lisa
>
> -----Original Message-----
> From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Kathleen Moriarty
> Sent: Friday, August 07, 2015 11:35 AM
> To: Ira McDonald <blueroofmusic@gmail.com>
> Cc: sacmwg/draft-ietf-sacm-requirements <draft-ietf-sacm-requirements@noreply.github.com>; sacmwg/draft-ietf-sacm-requirements <reply+00a6c4d1129080622850c5e27de14219f5265ff1c931c67092cf0000000111dc5ac392a169ce05cd0b75@reply.github.com>; sacm <sacm@ietf.org>; Ron.Colvin@nasa.gov
> Subject: Re: [sacm] [draft-ietf-sacm-requirements] Do we need a privacy section (#55)
>
> Hello,
>
> This is a good discussion and it seems that it is getting to the right set of points, that we do need to worry about index data and ways to correlate information back to systems and possibly to users of those systems or whose data crosses those systems.
>
> Jim is right on the PM angle, but you can phrase this lots of ways.
> In terms of privacy, we worry about indexes, anything considered sensitive that requires confidentiality related to privacy, and PII.
> There are lots of ways to handle this and that will be up to the WG to decide how to provide such guidance.  We do have materials to help you from the view of developing protocols.
>
> Here are some links from a slide I've been using in presentations (please do read the RFC listed, it's very helpful):
> * IETF Privacy Considerations for Internet protocols
>   - https://datatracker.ietf.org/doc/rfc6973/
>   - Data protection
>      * Object level encryption
>      * Determining when data is not necessary
>      * Obscuring data or generalizing when possible
>      * Protections on sensitive data and indexes to that data
>   - Push for encrypted traffic
> * IAB Statement on Internet Confidentiality
>   - https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/
>
> Pervasive Monitoring is an Attack
>   - RFC7258/BCP188 published after major IETF LC debate – sets the basis for further actions
>   - https://www.rfc-editor.org/rfc/rfc7258.txt
>
> In case you missed the tech plenary for IETF88 and you prefer video over reading (or in addition), this was a great plenary that gives background into these considerations for the IETF:
> http://www.ietf.org/live/ietf88/text.html
>
> Unofficial stuff:
> Blog from Snowden Q&A in Prague:
> https://www.mnot.net/blog/2015/07/20/snowden_meets_the_ietf
>
> If you missed the Snowden Q&A on Sunday of Prague, here is a link:
> https://www.youtube.com/watch?feature=youtu.be&v=0NvsUXBCeVA&app=desktop
>
>
> We are also working with the IEEE on their privacy work.  This includes work to ensure MAC addresses can't be used to identify hosts (and thus users of the hosts).
>
> Thanks,
> Kathleen
>
> On Fri, Aug 7, 2015 at 10:51 AM, Ira McDonald <blueroofmusic@gmail.com> wrote:
>> Hi,
>>
>> When an enterprise network is breached by an outside attacker (using "if"
>> no longer seems appropriate) or is compromised by an inside attacker,
>> the SACM components that have datastores of devices and associated
>> identity info as well as (often) associated user identities are
>> high-value targets of attacks for bulk theft of PII.
>>
>> By its fundamental nature, SACM increases the threat of exposure of
>> PII and therefore should address anonymization of individual device
>> identity info and strong controls on the dissemination of that info to subscribers.
>>
>> Cheers,
>> - Ira
>>
>>
>> Ira McDonald (Musician / Software Architect) Co-Chair - TCG Trusted
>> Mobility Solutions WG Chair - Linux Foundation Open Printing WG
>> Secretary - IEEE-ISTO Printer Working Group Co-Chair - IEEE-ISTO PWG
>> Internet Printing Protocol WG IETF Designated Expert - IPP & Printer
>> MIB Blue Roof Music / High North Inc
>> http://sites.google.com/site/blueroofmusic
>> http://sites.google.com/site/highnorthinc
>> mailto: blueroofmusic@gmail.com
>> Winter  579 Park Place  Saline, MI  48176  734-944-0094 Summer  PO Box
>> 221  Grand Marais, MI 49839  906-494-2434
>>
>>
>> On Fri, Aug 7, 2015 at 10:01 AM, Ron Colvin <Ron.Colvin@nasa.gov> wrote:
>>>
>>> My understanding on PII is that as soon as I associate a person with
>>> an email address, phone number or physical address I have PII that I
>>> need to protect. If we associate a user id, account or user
>>> provisioned PKI with a device including possibly a MAC address we probably have the same concerns.
>>>
>>> I think in many cases user certificates are used for device
>>> authentication and I thought that was an attribute that was highly desirable.
>>>
>>>
>>> On 8/7/15 7:38 AM, adammontville wrote:
>>>
>>> I agree that privacy needs to be covered.
>>>
>>> Still, when we talk about identity or identification in this working
>>> group, we're talking about something different than PII data. As
>>> such, there's this other issue for the information model
>>> sacmwg/draft-ietf-sacm-information-model#21, which is seeking to get
>>> feedback on what a useful term other than identity might be. The
>>> present candidate seems to be designate. So, instead of "identify an
>>> endpoint" we would "designate an endpoint" or "collect AVPs from the
>>> designated set of endpoints".
>>>
>>> I also wouldn't go so far as to say that we're performing pervasive
>>> monitoring in the sense that mainstream media understands the term.
>>> Our scope has always been single-enterprise, and it remains that way.
>>>
>>> Again, privacy is important, but I don't think we're talking about
>>> PII as much as might be implied by our choice of terms.
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> sacm mailing list
>>> sacm@ietf.org
>>> https://www.ietf.org/mailman/listinfo/sacm
>>>
>>>
>>> --
>>>
>>>
>>> ********************************************************
>>> Ron Colvin CISSP, CAP, CEH
>>> Certified Security Analyst
>>> NASA - Goddard Space Flight Center
>>> <ron.colvin@nasa.gov>
>>> Direct phone 301-286-2451
>>> NASA Jabber (rdcolvin@im.nasa.gov) AIM rcolvin13 NASA LCS
>>> (ronald.d.colvin@nasa.gov)
>>> ********************************************************
>>>
>>>
>>>
>>
>>
>>
>
>
>
> --
>
> Best regards,
> Kathleen
>



-- 

Best regards,
Kathleen