Re: [sacm] [draft-ietf-sacm-requirements] Do we need a privacy section (#55)
Ira McDonald <blueroofmusic@gmail.com> Fri, 07 August 2015 14:52 UTC
Return-Path: <blueroofmusic@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D0481A8731 for <sacm@ietfa.amsl.com>; Fri, 7 Aug 2015 07:52:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.988
X-Spam-Level:
X-Spam-Status: No, score=-1.988 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NZpy5Bl24TZJ for <sacm@ietfa.amsl.com>; Fri, 7 Aug 2015 07:52:17 -0700 (PDT)
Received: from mail-io0-x234.google.com (mail-io0-x234.google.com [IPv6:2607:f8b0:4001:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 968951A871E for <sacm@ietf.org>; Fri, 7 Aug 2015 07:52:17 -0700 (PDT)
Received: by iodb91 with SMTP id b91so53961358iod.1 for <sacm@ietf.org>; Fri, 07 Aug 2015 07:52:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=TOXAIo3DpWzOBHPgo+vkpSJHHwTaz2P6nvMnzM+siZ8=; b=ueW5DVsVHn6yRWEMKCMowXOym3RAQJ3koUdmKEd1nd37B1bsnIbOYnMGw+QxywJ2ix VcDyMAKSq8mGzfBg+8IYb46dy6GY/x1SMcB5pvkrPcOKpqhVBrqsgrgyOwMBJoxJjjxP Ofox75CTRyiey7e/bSk16s7Gt9JoNTbgHGIFAxX5iLGpHSRefuUtCILhut/eKZ9PorH0 0OF+PoBx7Yiu8FzsYx3A40bXpfOO/tZZd20TH2DjpvQ9fMd+gBRmnj1CssW6mUxMGiZb BMVG3ytz0QCQDwgLjCJElSsb1YRB2pdkf9tQ3/VqwvaIiyjfsRypDl5O4U3pkNo5/YsR 8FWA==
X-Received: by 10.107.150.1 with SMTP id y1mr7650908iod.108.1438959137000; Fri, 07 Aug 2015 07:52:17 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.169.89 with HTTP; Fri, 7 Aug 2015 07:51:57 -0700 (PDT)
In-Reply-To: <55C4BA28.2010006@nasa.gov>
References: <sacmwg/draft-ietf-sacm-requirements/issues/55@github.com> <sacmwg/draft-ietf-sacm-requirements/issues/55/128680469@github.com> <55C4BA28.2010006@nasa.gov>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Fri, 07 Aug 2015 10:51:57 -0400
Message-ID: <CAN40gSvf+9jA=kC0Epzd=zUrqX5Qcoq8ry7-wvwgcK5cpt7ybg@mail.gmail.com>
To: Ron.Colvin@nasa.gov, Ira McDonald <blueroofmusic@gmail.com>
Content-Type: multipart/alternative; boundary="001a1140ae8a351357051cb9c8e8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/sacm/V9Bm1I4qUWaNu9ffL9ke1s28Ze8>
Cc: sacmwg/draft-ietf-sacm-requirements <draft-ietf-sacm-requirements@noreply.github.com>, sacmwg/draft-ietf-sacm-requirements <reply+00a6c4d1129080622850c5e27de14219f5265ff1c931c67092cf0000000111dc5ac392a169ce05cd0b75@reply.github.com>, sacm <sacm@ietf.org>
Subject: Re: [sacm] [draft-ietf-sacm-requirements] Do we need a privacy section (#55)
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Aug 2015 14:52:20 -0000
Hi, When an enterprise network is breached by an outside attacker (using "if" no longer seems appropriate) or is compromised by an inside attacker, the SACM components that have datastores of devices and associated identity info as well as (often) associated user identities are high-value targets of attacks for bulk theft of PII. By its fundamental nature, SACM increases the threat of exposure of PII and therefore should address anonymization of individual device identity info and strong controls on the dissemination of that info to subscribers. Cheers, - Ira Ira McDonald (Musician / Software Architect) Co-Chair - TCG Trusted Mobility Solutions WG Chair - Linux Foundation Open Printing WG Secretary - IEEE-ISTO Printer Working Group Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG IETF Designated Expert - IPP & Printer MIB Blue Roof Music / High North Inc http://sites.google.com/site/blueroofmusic http://sites.google.com/site/highnorthinc mailto: blueroofmusic@gmail.com Winter 579 Park Place Saline, MI 48176 734-944-0094 Summer PO Box 221 Grand Marais, MI 49839 906-494-2434 On Fri, Aug 7, 2015 at 10:01 AM, Ron Colvin <Ron.Colvin@nasa.gov> wrote: > My understanding on PII is that as soon as I associate a person with an > email address, phone number or physical address I have PII that I need to > protect. If we associate a user id, account or user provisioned PKI with a > device including possibly a MAC address we probably have the same concerns. > > I think in many cases user certificates are used for device authentication > and I thought that was an attribute that was highly desirable. > > > On 8/7/15 7:38 AM, adammontville wrote: > > I agree that privacy needs to be covered. > > Still, when we talk about *identity* or *identification* in this working > group, we're talking about something different than PII data. As such, > there's this other issue for the information model > sacmwg/draft-ietf-sacm-information-model#21 > <https://github.com/sacmwg/draft-ietf-sacm-information-model/issues/21>, > which is seeking to get feedback on what a useful term other than identity > might be. The present candidate seems to be *designate*. So, instead of > "identify an endpoint" we would "designate an endpoint" or "collect AVPs > from the designated set of endpoints". > > I also wouldn't go so far as to say that we're performing pervasive > monitoring in the sense that mainstream media understands the term. Our > scope has always been single-enterprise, and it remains that way. > > Again, privacy is important, but I don't think we're talking about PII as > much as might be implied by our choice of terms. > > — > Reply to this email directly or view it on GitHub > <https://github.com/sacmwg/draft-ietf-sacm-requirements/issues/55#issuecomment-128680469> > . > > > _______________________________________________ > sacm mailing listsacm@ietf.orghttps://www.ietf.org/mailman/listinfo/sacm > > > -- > > > ******************************************************** > Ron Colvin CISSP, CAP, CEH > Certified Security Analyst > NASA - Goddard Space Flight Center<ron.colvin@nasa.gov> <ron.colvin@nasa.gov> > Direct phone 301-286-2451 > NASA Jabber (rdcolvin@im.nasa.gov) AIM rcolvin13 > NASA LCS (ronald.d.colvin@nasa.gov) > ******************************************************** > > > _______________________________________________ > sacm mailing list > sacm@ietf.org > https://www.ietf.org/mailman/listinfo/sacm > >
- [sacm] [draft-ietf-sacm-requirements] Do we need … Jim Schaad
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… adammontville
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… Ron Colvin
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… Ira McDonald
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… Kathleen Moriarty
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… Lisa Lorenzin
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… Kathleen Moriarty
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… Jim Schaad
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… Kathleen Moriarty
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… llorenzin
- Re: [sacm] [draft-ietf-sacm-requirements] Do we n… dromasca