[VCARDDAV] vcards and privacy
Peter Saint-Andre <stpeter@stpeter.im> Thu, 21 April 2011 16:10 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: vcarddav@ietfc.amsl.com
Delivered-To: vcarddav@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 7C8C6E0703 for <vcarddav@ietfc.amsl.com>; Thu, 21 Apr 2011 09:10:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7HIwhdp3oTak for <vcarddav@ietfc.amsl.com>; Thu, 21 Apr 2011 09:09:59 -0700 (PDT)
Received: from stpeter.im (stpeter.im [207.210.219.233]) by ietfc.amsl.com (Postfix) with ESMTP id D0F7CE0655 for <vcarddav@ietf.org>; Thu, 21 Apr 2011 09:09:59 -0700 (PDT)
Received: from leavealone.cisco.com (72-163-0-129.cisco.com [72.163.0.129]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id CC2D940D17 for <vcarddav@ietf.org>; Thu, 21 Apr 2011 10:13:43 -0600 (MDT)
Message-ID: <4DB056D5.6020807@stpeter.im>
Date: Thu, 21 Apr 2011 10:09:57 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9
MIME-Version: 1.0
To: CardDAV <vcarddav@ietf.org>
X-Enigmail-Version: 1.1.1
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms030503020804070103040502"
Subject: [VCARDDAV] vcards and privacy
X-BeenThere: vcarddav@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF vcarddav wg mailing list <vcarddav.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vcarddav>, <mailto:vcarddav-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vcarddav>
List-Post: <mailto:vcarddav@ietf.org>
List-Help: <mailto:vcarddav-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vcarddav>, <mailto:vcarddav-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Apr 2011 16:10:00 -0000
<hat type='individual'/> The security considerations section of the base spec doesn't mention that certain information might be useful to potential attackers in real life. For example, a combination of BDAY (draft-ietf-vcarddav-vcardrev) and BIRTHPLACE (draft-li-vcarddav-vcard-id-property-extensions) and some possible future extensions like MOTHERSMAIDENNAME and FIRSTPET and so on could be used to construct a fairly useful profile for the purpose of identity theft or unauthorized access to user accounts. As another example, ADR properties and GEO properties / params might contain detailed location information about an individual. Perhaps it might be helpful to check RFC 3693 for similar considerations. Do folks here think we need to say anything about such issues? Peter -- Peter Saint-Andre https://stpeter.im/
- [VCARDDAV] vcards and privacy Peter Saint-Andre
- Re: [VCARDDAV] vcards and privacy Alexey Melnikov
- Re: [VCARDDAV] vcards and privacy Peter Saint-Andre
- Re: [VCARDDAV] vcards and privacy Barry Leiba
- Re: [VCARDDAV] vcards and privacy Barry Leiba
- Re: [VCARDDAV] vcards and privacy Peter Saint-Andre
- Re: [VCARDDAV] vcards and privacy Cyrus Daboo