Stephen: Thank you for the suggestion.
Sue -----Original Message----- From: Stephen Farrell [mailto:[email protected]] Sent: Thursday, March 17, 2016 9:28 AM To: Joel Halpern; Susan Hares; 'The IESG' Cc: [email protected]; [email protected]; [email protected]; [email protected] Subject: Re: Stephen Farrell's No Objection on draft-ietf-i2rs-architecture-13: (with COMMENT) On 17/03/16 13:25, Joel Halpern wrote: > Can you suggest wording to add to the architecture document to reflect this > consideration? Maybe something along the lines of: "If an i2rs agent or client is such that it is likely tightly correlated with a person (say if an agent is running on someone's phone to control tethering) then that can raise privacy issues, over and above.the security and privacy issues that normally need to be handled in i2rs. For example, if an i2rs interaction enabled easier location tracking in the above example. i2rs protocols should consider if such privacy issues can arise when clients or agents are used for such use-cases." Cheers S. > > Yours, > Joel > > -----Original Message----- > From: Stephen Farrell [mailto:[email protected]] > Sent: Thursday, March 17, 2016 2:23 PM > To: Joel Halpern; Susan Hares; 'The IESG' > Cc: [email protected]; [email protected]; [email protected]; > [email protected] > Subject: Re: Stephen Farrell's No Objection on > draft-ietf-i2rs-architecture-13: (with COMMENT) > > > > On 17/03/16 13:15, Joel Halpern wrote: >> I would hope that I2RS could be used for that (applying policy to home >> devices) use case. > > Ah. Good to know. > >> >> But I am not at all clear how I2RS could protect the IP address of the >> router >> containing the communicating I2RS agent. We have to have an available IP >> address for IP Routing. > > I didn't say it needed protecting (as in encrypting) necessarily, > but that it could be more sensitive. > >> >> I am also not clear why this IP address is particularly more sensitive than >> an >> enterprise device IP address, or a router inside an ISP. > > In general, if an identifier is also something one can correlate > with a person, or with a person's movements or presence, then it > is more privacy sensitive. If you can tell I'm at home because of > an i2rs event say. > > For a router on the 4th floor of an office building, those are > less likely interesting issues. > > In the home case, one needs to think more about such stuff than > in the office case basically. > > Whether/how that impacts on protocol design is hard to say. But > it's good to know that it's something that i2rs needs to consider. > > Cheers, > S. > > >> >> Yours, >> Joel >> >> -----Original Message----- >> From: Stephen Farrell [mailto:[email protected]] >> Sent: Thursday, March 17, 2016 2:11 PM >> To: Susan Hares; 'The IESG' >> Cc: [email protected]; [email protected]; >> [email protected]; [email protected] >> Subject: Re: Stephen Farrell's No Objection on >> draft-ietf-i2rs-architecture-13: (with COMMENT) >> >> >> Hiya, >> >> Just on that one point (the rest seems fine): >> >> On 17/03/16 13:00, Susan Hares wrote: >>>>> - If i2rs were used to control home networks, then that would >>>>> raise more privacy issues, e.g. the agent's IP address can be >>>>> privacy sensitive. Would it be useful to rule that out of >>>> scope? E.g. to say that i2rs SHOULD NOT be used where the >>>> agent/router in question >>>>> is specific to one person or home? >> >>> Sue: I'm really not sure what you are getting at. Data in routers >>> is privacy sensitive. Data between I2RS Agent and I2RS client will be >>> encrypted except in very, very rare circumstances where is defined to >>> be public data in the data model. SECDIR, OPSDIR, RTGWG, >>> Transport-directorate will be asked to review any IETF data model >>> that claims this is the case to validate it is appropriate. So... I >>> think we are going beyond what people use for home networks. >> >> Let's assume all client/agent stuff is wonderfully protected >> e.g. via TLS. >> >> Normally, the fact that a client at IP1 is managing an agent at >> IP2, which is still visible despite the TLS, is not much of a >> deal. Nor is it a deal when that happens, e.g. in reaction to >> some other event, perhaps even one triggered by an attacker. >> >> But if the agent is my home g/w, then the sensitivity level goes >> up I think, or at least it can. The reason is that the agent's >> address (IP2) is tied to me. If the agent was on my phone (e.g. >> for tethering) then it'd be even more of a deal perhaps, as I >> carry it with me. >> >> If i2rs just isn't intended for such use-cases, it may be worth >> saying that was all I meant. >> >> Cheers, >> S. >> >> >>> >> > _______________________________________________ i2rs mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2rs
