Re: [Slim] Stephen Farrell's Block on charter-ietf-slim-00-06: (with BLOCK)

Barry Leiba <barryleiba@computer.org> Sun, 04 October 2015 21:19 UTC

In-Reply-To: <560E4460.4030407@cs.tcd.ie>
Date: Sun, 04 Oct 2015 17:19:12 -0400
Message-ID: <CALaySJKCG1gYBNJ-7Ts5mzm1oO64nQdzAFDvCUugJz6s8yz3JQ@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/slim/QK6EepdnhEDV3DuKMbvx82se_gM>
Cc: slim@ietf.org, IESG <iesg@ietf.org>
Subject: Re: [Slim] Stephen Farrell's Block on charter-ietf-slim-00-06: (with BLOCK)

> I'm asking that the analysis be somewhat broader than only
> considering language. (On the basis that if we define how to
> add language then other personal attributes are likely to
> be similarly handled in the relevant protocols, UAs and servers.)
> If one did agree with that then I do think it ought be included
> in the charter.
...
> Right, I get that the gating thing is icky, and Bernard rightly
> points out that even when we try to do all that well, the end results
> might not be so great, which is a totally fair point.

OK... given all that, I, at least, can support asking the working
group to do that kind of analysis, and including it in the charter.
I'm just one voice, so I'd like to hear from the people who will
actually do the work.  In any case, I'm certain that we will need
people from the Security Area to work on this in the working group, if
it's going to be of any real value, and I have to ask the Security ADs
to make sure we have that -- more than one person, I think, and people
who will take an active role.

> How about something like this:
>
> "It is not unlikely that once there is a method for using language
> as planned here, some implementations may similarly handle other
> personal attributes. The wg will analyse the security and privacy
> issues arising from having UAs emit language or other similar
> attributes and then handle language attributes accordingly."

How does this work, appended to the charter (at the end)?:

"Adding language information to the control streams will have security
and privacy implications that must be understood and documented, as
any protocol would have to do.  Beyond that, this may open the door to
inclusion of other information that could be more security- or
privacy-sensitive than language preferences, and it could be important
to have a close look at that early on.  Therefore, this working group
will include in its work a broader analysis of security and privacy
implications of including such information in this manner.  That
analysis may be written as a separate document, or may be included in
the working group's primary document(s).  The Security Area will
provide necessary ongoing participation for that analysis, and this
requirement will not block progress on the working group's main work
if such participation is not available."

Maybe wordier than it needs to be, but I'd like to be clear.

Barry