Re: [urn] Stephen Farrell's Abstain on draft-ietf-urnbis-rfc2141bis-urn-21: (with COMMENT)
Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 02 March 2017 08:11 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: urn@ietfa.amsl.com
Delivered-To: urn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DC5B129469; Thu, 2 Mar 2017 00:11:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.302
X-Spam-Level:
X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nk04VjT3cTlr; Thu, 2 Mar 2017 00:11:06 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2AA2F12941E; Thu, 2 Mar 2017 00:11:05 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id A7E13BE80; Thu, 2 Mar 2017 08:11:03 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VOIDbdVJrdzF; Thu, 2 Mar 2017 08:11:02 +0000 (GMT)
Received: from [10.87.48.75] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 19089BE5C; Thu, 2 Mar 2017 08:11:02 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1488442262; bh=ECoJetzd6iYwYA9NjKZ1KucFuHbEFis7jao3B67I3q8=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=Lkyb6yL11dETV6jyM2NFDFK0OPz+TrEbtCLtas/cGUky8Caz3zD1v1/UlrIyMnKdv tE49cTZccXS+rePZoOHFej6sa2qi9PaWvt6h/9ZquEu6lzjEAE5EpYvvJiktWnjAxQ 6pK7cZwxLpELxPzDGVN+J5RnEogHcuNEcvi9laOs=
To: Peter Saint-Andre <stpeter@stpeter.im>, The IESG <iesg@ietf.org>
References: <148832863670.29552.9014381848292739838.idtracker@ietfa.amsl.com> <68d0ad57-9ba0-beb2-2fe4-2f036fce3e93@stpeter.im>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <836b3132-def8-0534-487a-bc78b69ee82c@cs.tcd.ie>
Date: Thu, 02 Mar 2017 08:11:00 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <68d0ad57-9ba0-beb2-2fe4-2f036fce3e93@stpeter.im>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="iunIeXBC18jR75kcuKNHGLqcq3sOwdEFD"
Archived-At: <https://mailarchive.ietf.org/arch/msg/urn/2yfMGvg4-X1hZ0SN_QhphEJ7-_w>
Cc: urn@ietf.org, urnbis-chairs@ietf.org, draft-ietf-urnbis-rfc2141bis-urn@ietf.org, barryleiba@computer.org
Subject: Re: [urn] Stephen Farrell's Abstain on draft-ietf-urnbis-rfc2141bis-urn-21: (with COMMENT)
X-BeenThere: urn@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Revisions to URN RFCs <urn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/urn>, <mailto:urn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/urn/>
List-Post: <mailto:urn@ietf.org>
List-Help: <mailto:urn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/urn>, <mailto:urn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Mar 2017 08:11:08 -0000
Hiya, On 02/03/17 03:14, Peter Saint-Andre wrote: > On 2/28/17 5:37 PM, Stephen Farrell wrote: > >> - Section 8 should I think recognise the dangers inherent >> in long-term stable identifiers helping with >> (re-)identification of people and/or network entities. > > Perhaps you could clarify what some of your concerns are here, above and > beyond the use of URIs in general (after all, a URN is a URI). Reading > between the lines, I imagine you might be worried that URNs within a > particular URN namespace (e.g., for U.S. Social Security Numbers or the > like) - once suitably resolved into one or more URLs - might enable an > attacker to determine a person's physical location (e.g., via IP > address) or actual identity (e.g., a pseudonym could "resolve" to a real > name). Are these guesses on the mark? Yep. Perhaps things like including an IMSI or IMEI (or values easily correlated with such) in the NSS part is what it'd useful to call out. I'm not sure if there are real examples of such in existing URNs but if there were it'd be a fine thing to note that including such things imposes (often unmet) requirements for e.g. confidentiality on protocols and applications that use those URNs. If may also be useful to say that things like hashing the privacy sensitive value before inclusion in the URN don't prevent correlation and can be as "good" for re-identification as the non-hashed value. The argument to include text here is that it seems to be very tempting to include that kind of information for many folks. I'm not sure if there's a useful bit of text in RFC6973 at which you could point, but it'd be worth a look. > >> While that is not the "fault" of URNs, I'd say it is worth >> warning folks who may just possibly think twice before >> creating new URNs with those failings. (Though I recognise >> that that may call for a reference to RFC6919;-) > > I'm sure you meant RFC 6920. :-) Off-by-one error:-) Cheers, S. > > Peter >
- [urn] Stephen Farrell's Abstain on draft-ietf-urn… Stephen Farrell
- Re: [urn] Stephen Farrell's Abstain on draft-ietf… Hakala, Juha E
- Re: [urn] Stephen Farrell's Abstain on draft-ietf… Martin J. Dürst
- Re: [urn] Stephen Farrell's Abstain on draft-ietf… Peter Saint-Andre
- Re: [urn] Stephen Farrell's Abstain on draft-ietf… Stephen Farrell
- Re: [urn] Stephen Farrell's Abstain on draft-ietf… Martin J. Dürst
- Re: [urn] Stephen Farrell's Abstain on draft-ietf… Martin J. Dürst
- Re: [urn] Stephen Farrell's Abstain on draft-ietf… John C Klensin
- Re: [urn] Stephen Farrell's Abstain on draft-ietf… Stephen Farrell
- Re: [urn] Stephen Farrell's Abstain on draft-ietf… Stephen Farrell
- Re: [urn] Stephen Farrell's Abstain on draft-ietf… John C Klensin
- Re: [urn] Stephen Farrell's Abstain on draft-ietf… Peter Saint-Andre
- Re: [urn] Stephen Farrell's Abstain on draft-ietf… Stephen Farrell
- Re: [urn] Stephen Farrell's Abstain on draft-ietf… John C Klensin
- Re: [urn] Stephen Farrell's Abstain on draft-ietf… Peter Saint-Andre