Hi Ekr, I think the threat below can easily be mitigated by not using multi-query, because that's a client-side decision. It's probably good to document the risk described below anyway, so clients are aware of it and can make an informed decision whether to use multi-query or not. Can you maybe propose 2-3 sentences to be added to address your DISCUSS?
Thanks,
Mirja

> On 12.04.2017 at 01:02, Eric Rescorla <[email protected]> wrote:
>
> Eric Rescorla has entered the following ballot position for
> draft-ietf-alto-multi-cost-08: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-alto-multi-cost/
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> This document states:
> "This document does not introduce any privacy or security issues not
> already present in the ALTO protocol."
>
> This may be true, but it's not obvious it is, because when questions are
> asked together, that's more of a privacy signature than independently.
> So, suppose that application A asks for metric A and application B asks
> for metric B and application C asks for A and B. If these applications
> are mixed behind a CGN, with single queries then you don't know whether
> you have some A clients and some B clients, but if you do multi-query,
> it's clear these are C clients. This is a potentially serious issue if
> (for instance) Bittorrent always asks for a very distinguished set of
> parameters, so an ALTO server might use this to find Bittorrent clients.

_______________________________________________
alto mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/alto
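The anonymity-set argument in the quoted DISCUSS can be made concrete with a small model. The following is an added example, not code from the thread or from the ALTO draft: it takes three hypothetical application profiles (A, B and C, with constructed metric names "routingcost" and "hopcount"), computes what an ALTO server observes from a CGN-shared address in single-query mode versus multi-cost mode, and then brute-forces every client population consistent with that observation. The size of the resulting set of possible C-client counts is the privacy margin that bundling removes.

```python
from collections import Counter

# Constructed example profiles (not from the draft): which ALTO cost metrics
# each hypothetical application requests. Metric names are illustrative.
APP_METRICS = {
    "A": ("routingcost",),
    "B": ("hopcount",),
    "C": ("routingcost", "hopcount"),
}


def observe_single_query(clients):
    """Server-side view when every client sends one request per metric.

    Behind a CGN all requests share one source address, so the only thing
    the server can record is how many times each metric was asked for.
    """
    seen = Counter()
    for app in clients:
        for metric in APP_METRICS[app]:
            seen[(metric,)] += 1
    return seen


def observe_multi_query(clients):
    """Server-side view when each client bundles its metrics in one
    multi-cost request: the combination of metrics itself is observable."""
    return Counter(APP_METRICS[app] for app in clients)


def consistent_c_counts(observe, observation):
    """Brute-force every population (nA, nB, nC) that would produce the
    given observation under the given query mode, and return the sorted
    set of possible C-client counts. The server does not know how many
    clients sit behind the CGN, so the total is left free (bounded by the
    number of observed requests)."""
    bound = sum(observation.values())
    possible = set()
    for n_a in range(bound + 1):
        for n_b in range(bound + 1):
            for n_c in range(bound + 1):
                hypothesis = ["A"] * n_a + ["B"] * n_b + ["C"] * n_c
                if observe(hypothesis) == observation:
                    possible.add(n_c)
    return sorted(possible)


def anonymity_of_c(clients):
    """Compare how much the two query modes reveal about C clients."""
    single = consistent_c_counts(observe_single_query,
                                 observe_single_query(clients))
    multi = consistent_c_counts(observe_multi_query,
                                observe_multi_query(clients))
    return {"single_query": single, "multi_query": multi}


if __name__ == "__main__":
    # Constructed population: two A clients, one B client, two C clients.
    population = ["A", "A", "B", "C", "C"]
    print(anonymity_of_c(population))
    # -> {'single_query': [0, 1, 2, 3], 'multi_query': [2]}
```

With single queries the server sees four "routingcost" and three "hopcount" requests, which is consistent with anywhere from zero to three C clients; with multi-cost requests the (routingcost, hopcount) bundle count pins the number of C clients to exactly two. This is the distinguisher the DISCUSS describes, and it is why the decision to bundle is a client-side privacy trade-off worth documenting.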
