[Sandbox-mailoutput] [Django development] Internal WG Review: Privacy Preserving Measurement (ppm)

IETF Secretariat <ietf-secretariat-reply@ietf.org> Mon, 31 January 2022 21:46 UTC

Return-Path: <ietf-secretariat-reply@ietf.org>
X-Original-To: sandbox-mailoutput@ietfa.amsl.com
Delivered-To: sandbox-mailoutput@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 469733A1992 for <sandbox-mailoutput@ietfa.amsl.com>; Mon, 31 Jan 2022 13:46:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JzdDoZiuYzMc for <sandbox-mailoutput@ietfa.amsl.com>; Mon, 31 Jan 2022 13:46:29 -0800 (PST)
Received: from sandbox.amsl.com (sandbox.amsl.com [4.31.198.43]) by ietfa.amsl.com (Postfix) with ESMTP id CAD933A19A6 for <sandbox-mailoutput@ietf.org>; Mon, 31 Jan 2022 13:46:29 -0800 (PST)
Received: from [4.31.198.43] (localhost [IPv6:::1]) by sandbox.amsl.com (Postfix) with ESMTP id 136E41036D27F for <sandbox-mailoutput@ietf.org>; Mon, 31 Jan 2022 13:46:28 -0800 (PST)
Content-Type: multipart/mixed; boundary="===============2471644100238371191=="
MIME-Version: 1.0
From: IETF Secretariat <ietf-secretariat-reply@ietf.org>
To: sandbox-mailoutput@ietf.org
Message-ID: <164366558806.37396.426173212175504143@sandbox>
Date: Mon, 31 Jan 2022 13:46:28 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/sandbox-mailoutput/PtDeF9g1oc3IS7yF864_UFEoauU>
Subject: [Sandbox-mailoutput] [Django development] Internal WG Review: Privacy Preserving Measurement (ppm)
X-BeenThere: sandbox-mailoutput@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <sandbox-mailoutput.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sandbox-mailoutput>, <mailto:sandbox-mailoutput-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sandbox-mailoutput/>
List-Post: <mailto:sandbox-mailoutput@ietf.org>
List-Help: <mailto:sandbox-mailoutput-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sandbox-mailoutput>, <mailto:sandbox-mailoutput-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Jan 2022 21:46:44 -0000

The attached message would have been sent, but the tracker is in development mode.
It was not sent to anybody.

--- Begin Message ---

A new IETF WG is being considered in the IETF. The draft charter for this WG
is provided below for your review and comment.

Review time is one week.

The IETF Secretariat

Privacy Preserving Measurement (ppm)
-----------------------------------------------------------------------
Current status: Proposed WG

Chairs:
  TBD

Assigned Area Director:
  Roman Danyliw <rdd@cert.org>

Security Area Directors:
  Benjamin Kaduk <kaduk@mit.edu>
  Roman Danyliw <rdd@cert.org>

Mailing list:
  Address: ppm@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/ppm
  Archive: https://mailarchive.ietf.org/arch/browse/ppm/

Charter: https://datatracker.ietf.org/doc/charter-ietf-ppm/

There are many situations in which it is desirable to take measurements of
data which people consider sensitive. For instance, a browser company might
want to measure web sites that do not render properly without learning which
users visit those sites, or a public health authority might want to measure
exposure to some disease without learning the identities of those exposed. In
these cases, the entity taking the measurement is not interested in
people's individual responses but rather in aggregated data (e.g., how many
users had errors on site X). Conventional methods require collecting
individual measurements in plaintext and then aggregating them, thus
representing a threat to user privacy and rendering many such measurements
difficult and impractical.

New cryptographic techniques address this gap through a variety of techniques,
all of which aim to ensure that the server (or multiple, non-colluding
servers) can compute the aggregated value without learning the value of
individual measurements. The Privacy Preserving Measurement (PPM) work will
standardize protocols for deployment of these techniques on the Internet.
This will include mechanisms for:

- Client submission of individual measurements, potentially along with proofs
  of validity
- Verification of validity proofs by the server(s), if sent by the client
- Computation of aggregate values by the server(s) and reporting of results
  to the entity taking the measurement

A successful PPM system assumes that clients and servers are configured with
each other's identities and details of the types of measurements to be
taken. This is assumed to happen out of band and will not be standardized in
this working group.

The WG will deliver one or more protocols which can accommodate multiple PPM
algorithms. The initial deliverables will support the calculation of simple
predefined statistical aggregates such as averages, as well as calculations of
the values that most frequently appear in individual measurements. The PPM
protocols will use cryptographic algorithms defined by the CFRG. The protocol
will be designed to limit abuse by both client and aggregators, including
exposure of individual user measurements and denial of service attacks on the
measurement system. The resulting documents shall clearly describe abuse cases
and remaining attacks which are not prevented or mitigated by the protocol.

The starting point for PPM WG discussions shall be draft-gpew-priv-ppm.
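The three mechanisms listed above (client submission of shares, server-side
processing, combination into an aggregate) and the abuse cases the charter
asks the WG to document can be illustrated with a toy version of the
two-aggregator setting. The following is an added example written for this
review; it is not code from the PPM WG or from draft-gpew-priv-ppm. It uses
plain additive secret sharing over a prime field (the prime `P`, the
function names and the sample measurements are all assumptions chosen for
the illustration), and it deliberately omits the proof-of-validity step so
that the final function can show what a malicious client can do to the
aggregate when no such proof is verified.

```python
"""Toy two-aggregator additive secret sharing (constructed example).

Models the PPM setting at the level of the charter text: each client splits
its measurement into two shares, one per non-colluding aggregator; each
aggregator sums only the shares it received; the two partial sums are then
combined into the aggregate. No aggregator ever sees a plaintext measurement.
Validity proofs are NOT implemented here; see `run_collection_with_cheater`.
"""
import secrets

# Assumption: any prime larger than the largest possible aggregate is fine
# for this toy model. Shares live in the integers mod P.
P = 2**61 - 1


def split_measurement(x: int, rng=secrets.randbelow) -> tuple[int, int]:
    """Client side: split measurement x into two additive shares mod P.

    The first share is uniformly random in [0, P), so on its own it is
    independent of x; the second share is fixed by x and the first share.
    Only the sum of both shares reveals x. `rng` is injectable so tests can
    make the split deterministic.
    """
    if not 0 <= x < P:
        raise ValueError("measurement out of field range")
    leader_share = rng(P)
    helper_share = (x - leader_share) % P
    return leader_share, helper_share


def aggregate_shares(shares) -> int:
    """Aggregator side: sum the shares this aggregator received, mod P.

    Each aggregator runs this over its own share vector only; it never sees
    the other aggregator's shares or any client's plaintext measurement.
    """
    return sum(shares) % P


def unshare(leader_sum: int, helper_sum: int) -> int:
    """Combine the two partial sums into the final aggregate."""
    return (leader_sum + helper_sum) % P


def run_collection(measurements):
    """Drive one collection: clients split, aggregators sum, result combined.

    Returns (aggregate, leader_view, helper_view) so the reader can inspect
    exactly what each aggregator learned: only its own vector of shares.
    """
    leader_view, helper_view = [], []
    for x in measurements:
        ls, hs = split_measurement(x)
        leader_view.append(ls)
        helper_view.append(hs)
    leader_sum = aggregate_shares(leader_view)
    helper_sum = aggregate_shares(helper_view)
    return unshare(leader_sum, helper_sum), leader_view, helper_view


def run_collection_with_cheater(honest_measurements, cheater_value: int) -> int:
    """Abuse case from the charter: a client that submits an invalid value.

    Honest clients report 0 or 1. Without a verified proof that each
    measurement is in {0, 1}, the aggregators cannot distinguish the
    cheater's shares from anyone else's, and the aggregate is poisoned.
    This is the gap that the validity proofs in the charter are meant to close.
    """
    aggregate, _, _ = run_collection(list(honest_measurements) + [cheater_value])
    return aggregate


# Constructed sample input: 1 = "site X failed to render for this client",
# 0 = rendered fine. Ten clients, three of which saw an error.
SAMPLE_MEASUREMENTS = [0, 1, 0, 0, 1, 0, 0, 0, 1, 0]

if __name__ == "__main__":
    total, leader_view, helper_view = run_collection(SAMPLE_MEASUREMENTS)
    print(f"clients reporting an error: {total}")
    print(f"leader's view (uniform random values): {leader_view[:3]} ...")
    print(f"helper's view (uniform random values): {helper_view[:3]} ...")
    poisoned = run_collection_with_cheater(SAMPLE_MEASUREMENTS, 1000)
    print(f"aggregate with one cheating client, no validity proof: {poisoned}")
```

The honest run reports 3, and neither aggregator's view contains anything
but field elements that are individually uniform. The cheating run reports
1003 from ten honest clients and one dishonest one, which is the concrete
reason the charter pairs client submission with proofs of validity and asks
the resulting documents to spell out which abuse cases remain unmitigated.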

Milestones:


--- End Message ---