Re: [secdir] Secdir last call review of draft-ietf-opsawg-ntf-09

Ben Schwartz <bemasc@google.com> Tue, 26 October 2021 14:57 UTC

To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: secdir@ietf.org, last-call@ietf.org, draft-ietf-opsawg-ntf.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/GUvFWXP7n9IjXW8xlIdMS5ZE5u0>

On Tue, Oct 26, 2021 at 6:26 AM Alexey Melnikov <alexey.melnikov@isode.com>
wrote:
...

>  the Security Considerations covers
> everything I can think of in regards to data confidentiality, privacy,
> access control, etc.
>

I disagree on this point.

The draft mentions privacy in exactly two places.

First, in Background:

>   It is easy to see that network operations can benefit from
>   network big data to gather insights into flows without breaching
>   privacy.

This statement is presented without justification.  I disagree.  If
anything, it is hard to see how network operations can collect "big data"
_without_ breaching privacy.  The techniques described in this draft are
technically identical to the Pervasive Monitoring attack documented in RFC
7258.

Second, in the Security Considerations:

>   In addition to security, privacy is also an important issue.  Network
>   telemetry means to improve the network operation which can ultimately
>   benefit end user's quality of experience.  The network operators must
>   be held accountable and strive for a balance between managing the
>   network and maintaining the user privacy of that network.

I don't think the IETF should be publishing drafts that recommend
compromising user privacy, and I find the qualifications here vague and
toothless.

Although I view these as serious concerns, I think they can be remedied
quite easily.  It seems clear to me that the focus of this draft is on
"technical" networks whose endpoints do not represent users.  When all
endpoints on the network represent a single administrative entity, user
privacy concerns are largely inapplicable.  To that end, I would replace
these two paragraphs with:

> When a network's endpoints do not represent individual users (e.g. in
> industrial, datacenter, and infrastructure contexts), network operations
> can often benefit from large-scale data collection without breaching user
> privacy.

and

> Large-scale network data collection is a major threat to user privacy
> [RFC7258].  The Network Telemetry Framework is not applicable to networks
> whose endpoints represent individual users, such as general-purpose access
> networks.  Any collection or retention of data in those networks must be
> tightly limited to protect user privacy.