IETF Logo Mail Archive

Re: [Slim] Stephen Farrell's Block on charter-ietf-slim-00-06: (with BLOCK)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 29 September 2015 15:35 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: slim@ietfa.amsl.com
Delivered-To: slim@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE2191B4545 for <slim@ietfa.amsl.com>; Tue, 29 Sep 2015 08:35:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oSYOI_MdPzpS for <slim@ietfa.amsl.com>; Tue, 29 Sep 2015 08:35:22 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E08D91B4544 for <slim@ietf.org>; Tue, 29 Sep 2015 08:35:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id B408FBE49; Tue, 29 Sep 2015 16:35:20 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dbTjlSt7dJaO; Tue, 29 Sep 2015 16:35:15 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.46.31.32]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id DAC94BE32; Tue, 29 Sep 2015 16:35:14 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1443540915; bh=1hPKGnJqcDShL2+ES8t/oak9Ukhv4DHqI2mhkuEqBSw=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=aqw0LJ7KX16xWhJ2bD/KGQb6ZdkfsdaTbGWjRWDn2uvhYozh3LXWo5ODCQV4FVcQY tkOA/Y43dfpjEuxHwIx0R6dpIrjTgem1F4GO4qRuWeFPlG6sDowDCGjt5AM5hEb0x+ 6up8KPl7wI6X4p11UevRrjtURTljlK74VMb84nYE=
To: Brian Rosen <br@brianrosen.net>
References: <CAOW+2dvfY-gPbSOUZu9RZbcLkypWkLO3zR5Tgud9+g1nBTg5eg@mail.gmail.com> <560988C3.6080402@omnitor.se> <5609BBA6.9080101@cs.tcd.ie> <ECA94B5B-E2B1-498C-A6F8-3F037C0120E3@brianrosen.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <560AAFB2.4060805@cs.tcd.ie>
Date: Tue, 29 Sep 2015 16:35:14 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <ECA94B5B-E2B1-498C-A6F8-3F037C0120E3@brianrosen.net>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/slim/1I5i6BBIfSSmwD9fch9wNy39910>
Cc: slim@ietf.org, Gunnar Hellström <gunnar.hellstrom@omnitor.se>, Bernard Aboba <bernard.aboba@gmail.com>
Subject: Re: [Slim] Stephen Farrell's Block on charter-ietf-slim-00-06: (with BLOCK)
X-BeenThere: slim@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Selection of Language for Internet Media <slim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/slim>, <mailto:slim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/slim/>
List-Post: <mailto:slim@ietf.org>
List-Help: <mailto:slim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/slim>, <mailto:slim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2015 15:35:25 -0000


On 29/09/15 16:23, Brian Rosen wrote:
> Using the emergency use case as an example of where privacy concerns
> drive requirements is a bad idea.

Interesting sentence! I think it, and one I'd write nicely illustrate
the difference in perspectives. The one I'd write is:

Using the emergency use case to drive requirements with the result that
privacy concerns are de-prioritised is a bad idea.

> 
> In emergencies, it’s MUCH more important that a call goes through and
> you get the help you need than privacy is maintained.  Privacy is
> highly desirable, but not at the cost of call failure.  In fact in
> most countries, when you place an emergency call, there is a
> statutory explicit loss of privacy.  Any mechanism has to fail in
> such a way that the call goes through and the privacy is lost, not
> the call fails and privacy is maintained.  If you fail to establish
> TLS, you retry without it, for example.
> 
> It would be much better to focus on the normal language translation
> service, where there is no explicit loss of privacy.

I'd be happier if the emergency use-case was downplayed, yes. However,
I don't think I agree that emergency use-cases have more stringent
privacy requirements, aren't they the same? The possible problem is
not the different privacy requirements but that the focus on emergency
calling is likely to lead to (IMO) the wrong balance being reached
when trading off privacy and availability.

S.


> 
> Brian
> 
> 
>> On Sep 28, 2015, at 6:13 PM, Stephen Farrell
>> <stephen.farrell@cs.tcd.ie> wrote:
>> 
>> 
>> Hiya,
>> 
>> (Answering this one as it may provide my best entry point in the 
>> thread...)
>> 
>> On 28/09/15 19:36, Gunnar Hellström wrote:
>>> Some modality needs can have privacy and security implications
>>> that make it important to not communicate them openly.
>> 
>> Yes, the possibility that emergency services could make it harder 
>> to do the above is my main concern. And even moreso because the
>> way in which the WG choose to annotate a call with language
>> information could well be copied for other annotations. The upshot
>> could be that the need to consider emergency calls results in there
>> being no effective way to provide confidentiality (in particular)
>> for these kinds of annotation.
>> 
>>> Some modality requirement combinations may indicate that you have
>>> a disability that may make it slightly easier to commit a crime
>>> to you.
>> 
>> I think that's another issue, but less of a deal for me. There's
>> also the related issue that one might in some places/cases be more 
>> discriminated  against the more (some of) one's language
>> preference(s) are more public. (I can envisage specific real cases
>> where a caller might be reluctant to reveal an ability to speak
>> language-X because they fear that would result in worse treatment
>> of the person, regardless of the treatment of the call.)
>> 
>>> 
>>> Therefore it adds to the other usual reasons to keep the SIP
>>> exchange privacy protected.
>> 
>> But isn't the reality that many SIP messages are not protected?
>> 
>> As to charter language, I'd be happy if the charter said that there
>> is a need to ensure that language, like other annotations of calls,
>> does need to be something one can, in practice, protect, including
>> at the very least hop-by-hop confidentiality, but with some form of
>> e2e confidentiality being highly desirable (maybe based on TOFU or
>> similar in cases where multiple calls may occur between the same
>> parties). I'm not fussed about how exactly that is stated so long
>> as the result is that the kind of can't-be-secured solution that
>> might be attractive for emergency calling is not considered by
>> itself sufficient.
>> 
>> Or, if my impression of VoIP is outdated and in fact securing this 
>> kind of data is now routinely done, then I would agree that there 
>> might not be a need for specific charter text. (In that case, some 
>> pointers to descriptions of networks where that is the case would 
>> be useful.)
>> 
>> Lastly, now that I'm thinking about it a bit more, it is not clear 
>> to me if the security and privacy requirements for the two
>> different applications are considered the same or not. Either way,
>> it could be good to be explicit about that in the charter too.
>> 
>> Hope that helps, S.
>> 
>> 
>>> 
>>> /Gunnar
>>> 
>>> ----------------------------------------- Gunnar Hellström 
>>> Omnitor gunnar.hellstrom@omnitor.se +46 708 204 288
>>> 
>>> Den 2015-09-28 kl. 17:35, skrev Bernard Aboba:
>>>> Stephen --
>>>> 
>>>> I happen to share your concern about potential security and
>>>> privacy issues with emergency services architectures.  For
>>>> example, I have reviewed proposals for state NG911
>>>> architectures that may not function well if traffic is
>>>> encrypted (e.g. they specify network-based intrusion detection
>>>> systems that assume access to cleartext).
>>>> 
>>>> That said, it is not clear to me how language negotiation makes
>>>> that problem worse (or better).  Presumably the specifications
>>>> referred to in the Charter would be compatible with IETF
>>>> security standards (e.g. SIP over TLS, Secure WebSockets, SRTP,
>>>> DTLS/SRTP, etc.) so that an emergency call made using the SLIM
>>>> specifications could be secured.
>>>> 
>>>> Since SLIM is not chartered to focus on security and privacy
>>>> issues relating to emergency services (or email), I'm not sure
>>>> what more can be done within this Charter to address your
>>>> concern.
>>>> 
>>>> ========================================
>>>> 
>>>> 
>>>> [Slim] Stephen Farrell's Block on charter-ietf-slim-00-06:
>>>> (with BLOCK)
>>>> 
>>>> "Stephen Farrell" <stephen.farrell@cs.tcd.ie 
>>>> <mailto:stephen.farrell@cs.tcd.ie
>>>> <mailto:stephen.farrell@cs.tcd.ie>>> Thu, 17 September 2015
>>>> 13:54 UTCShow header 
>>>> <https://mailarchive.ietf.org/arch/search/?email_list=slim&qdr=y#
>>>> <https://mailarchive.ietf.org/arch/search/?email_list=slim&qdr=y#>>
>>>>
>>>>
>>>> 
Stephen Farrell has entered the following ballot position for
>>>> charter-ietf-slim-00-06: Block
>>>> 
>>>> When responding, please keep the subject line intact and reply
>>>> to all email addresses included in the To and CC lines. (Feel
>>>> free to cut this introductory paragraph, however.)
>>>> 
>>>> The document, along with other ballot positions, can be found
>>>> here: https://datatracker.ietf.org/doc/charter-ietf-slim/
>>>> 
>>>> ----------------------------------------------------------------------
>>>>
>>>> 
BLOCK:
>>>> ----------------------------------------------------------------------
>>>>
>>>>
>>>> 
I wonder if the security and privacy considerations associated
>>>> with email and WebRTC are so totally different that it might
>>>> really be better to handle language separately for each.
>>>> 
>>>> I'm also a bit leery of emergency calls being used to justify 
>>>> handling language in a way that exposes privacy unnecessarily. 
>>>> (I don't mean that language preference is highly sensitive, as
>>>> it's usually not, but I think there is a meme where emergency 
>>>> services are used to justify doing all sorts of stuff without 
>>>> security, so the call is more likely to get through.)
>>>> 
>>>> The first bit was a comment I made back in July and I don't 
>>>> think I saw any response. (But I may have forgotten.)
>>>> 
>>>> We can chat about it on the call.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________ SLIM mailing
>>>> list SLIM@ietf.org https://www.ietf.org/mailman/listinfo/slim
>>> 
>>> 
>> 
>> _______________________________________________ SLIM mailing list 
>> SLIM@ietf.org https://www.ietf.org/mailman/listinfo/slim
> 
>

v2.23.0 | Report a Bug | By Email