IETF Logo Mail Archive

Re: [Slim] Stephen Farrell's Block on charter-ietf-slim-00-06: (with BLOCK)

Bernard Aboba <bernard.aboba@gmail.com> Fri, 02 October 2015 07:35 UTC

Return-Path: <bernard.aboba@gmail.com>
X-Original-To: slim@ietfa.amsl.com
Delivered-To: slim@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F2821ACE39; Fri, 2 Oct 2015 00:35:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2kOceyxARpDq; Fri, 2 Oct 2015 00:35:31 -0700 (PDT)
Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCB921ACE36; Fri, 2 Oct 2015 00:35:30 -0700 (PDT)
Received: by wiclk2 with SMTP id lk2so21553143wic.0; Fri, 02 Oct 2015 00:35:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=pp5en5/AlgGZ+I0qgpAoHgo6NjQyYFIxOjGpzvVoSeM=; b=vrw8qh5CXEBKyc4mm8iRm/LFZ6DTci8YFaKduYqwNfDBGKcgw++q8tSaEIUlB+QjTY fJIEXnzq9h5mXsYwAOdumIpStjWJJz9ZjnVR5yA/82vvQHOJpNFq3gcAoQ+l9s2Io7n+ dzXV2V8pM2UKTxbaV4heg8V/KY3iGYCZw7e2YIDe655hMsergdvfQgZUkcgrJvXKraMd FbZ4Wbz9h+u0prYmAPtS050GFKFlqVaAPmoTeuGxzy+6KVpHgkORcGe4JuPgWz3cSTNs uBIGqf0zf2g4ctfMfmLJeUQqjT3xeseMT6Ve6+kmSosrbvt29SeM0y1lKBVr+qzzlMjk ZniQ==
X-Received: by 10.180.187.180 with SMTP id ft20mr2816977wic.78.1443771329500; Fri, 02 Oct 2015 00:35:29 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.27.13.106 with HTTP; Fri, 2 Oct 2015 00:35:09 -0700 (PDT)
In-Reply-To: <CAC4RtVD_LZEdavqBE22OFG9VaLu0tnKTfRx-SbwU0YYQRvN6rA@mail.gmail.com>
References: <CAOW+2dvfY-gPbSOUZu9RZbcLkypWkLO3zR5Tgud9+g1nBTg5eg@mail.gmail.com> <560988C3.6080402@omnitor.se> <5609BBA6.9080101@cs.tcd.ie> <ECA94B5B-E2B1-498C-A6F8-3F037C0120E3@brianrosen.net> <560AAFB2.4060805@cs.tcd.ie> <E82ABBAA-E5A0-458B-85BD-B11116684CA4@brianrosen.net> <CAC4RtVAetrWxchMA5TDRgF=oJ34EphjB=WE1c=HSAAvtF_wPYA@mail.gmail.com> <560AFD5A.5060101@cs.tcd.ie> <CAOW+2dtWQDPKbWc9ncTxGx+fbgwHo0y9karCn-NjS8iAYwhvRw@mail.gmail.com> <560B8CC1.2060405@cs.tcd.ie> <CAOW+2dvMW75ST-X+FsLxJOjJt33jxVaqNzM0gM05VcX9UWOLDg@mail.gmail.com> <560C0716.8050404@alum.mit.edu> <476BCA21-7802-4E39-A22A-835BE66E15E8@brianrosen.net> <560C1019.80509@alum.mit.edu> <560C1436.6080200@omnitor.se> <CAC4RtVD_LZEdavqBE22OFG9VaLu0tnKTfRx-SbwU0YYQRvN6rA@mail.gmail.com>
From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Fri, 02 Oct 2015 00:35:09 -0700
Message-ID: <CAOW+2dsPRXOh3_fTNMud4ANG0BvTWiS7xX_D6sGW-8cSAfdziA@mail.gmail.com>
To: Barry Leiba <barryleiba@computer.org>
Content-Type: multipart/alternative; boundary="001a11c33e843b5f3505211a3546"
Archived-At: <http://mailarchive.ietf.org/arch/msg/slim/GDNXd6pC7BjbVEv6N09hDQcjUtA>
Cc: slim@ietf.org, Gunnar Hellström <gunnar.hellstrom@omnitor.se>, IESG <iesg@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [Slim] Stephen Farrell's Block on charter-ietf-slim-00-06: (with BLOCK)
X-BeenThere: slim@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Selection of Language for Internet Media <slim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/slim>, <mailto:slim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/slim/>
List-Post: <mailto:slim@ietf.org>
List-Help: <mailto:slim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/slim>, <mailto:slim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Oct 2015 07:35:34 -0000

Barry said:

"What I think is not agreed upon is whether this work needs to be gated
on an overall privacy analysis of adding information (in general) to
SIP calls."

[BA] Brian Rosen has made the point that (at a high level) we already know
what that security/privacy analysis is going to say, because including
language information in SDP or SIP headers does not change the fundamental
security properties of SIP.  So gating the work on that analysis is like
hoping that your next viewing of The Shining will have a more pleasant
ending.

The security facilities of SIP are well understood and their properties
have been analyzed before.  We have SIP over TLS, which is hbh,
 (undeployed) S/MIME, which can protect message bodies e2e, and RFC
4474bis.

We also more or less understand what a privacy analysis would say:  if the
user wants to provide information to enable better routing of their call
(e.g. language preference), this information cannot be kept secret from the
proxies that do the routing.



On Thu, Oct 1, 2015 at 12:03 PM, Barry Leiba <barryleiba@computer.org>
wrote:

> (It doesn't help that Stephen got removed from the CC list on this
> part of the thread, and it might be best to put the IESG back onto it
> also; I'm doing both here.)
>
> > Is there anyone against the view that this discussion can take place when
> > composing the security chapters, and does not influence the charter?
> >
> > The discussion is good, and material can be collected for the security
> > chapters.
>
> Thanks, Gunnar; this is where my mind is on the point.  Stephen,
> though, seems to have a position that this work shouldn't proceed
> until a broader analysis is done.  I'm very much not convinced of
> that, and I'd like more from Stephen on that point.
>
> I think everyone agrees that whatever documents are produced by this
> working group have to consider the privacy issues raised by language
> labelling.  I don't think we need that explicitly called out in the
> charter ("The working group must eat its vegetables."), but I'm happy
> to have text in there if there's some specific text proposed.
>
> What I think is not agreed upon is whether this work needs to be gated
> on an overall privacy analysis of adding information (in general) to
> SIP calls.
>
> Let's please continue the discussion on that *with* Stephen and the
> IESG in the loop.
>
> Barry
>
> _______________________________________________
> SLIM mailing list
> SLIM@ietf.org
> https://www.ietf.org/mailman/listinfo/slim
>

v2.23.0 | Report a Bug | By Email