> On May 2, 2016, at 2:29 PM, Christian Huitema <[email protected]> wrote:
> 
> On Sunday, May 1, 2016 4:12 PM, Dave Crocker wrote:
>> 
>> If the term is to be a non-technical and vague reference, then let's stop
>> using it as if it were a technical term.  Philosophical, academic and social
>> terms are fine; the problem is when we use them as if they pertained to
>> technical specifics.
> 
> Well, we do use the term "security" liberally, don't we? It is certainly
> just as vague, but it is useful as a section header. It encourages protocol
> designers to be concerned with the broad issue of security attacks. I think
> that we have consensus that protocol designers should also be concerned with
> the broad issue of privacy attacks.

+1. If people want to consider privacy as a heading under which we group a 
bunch of different kinds of attacks, that works perfectly well I think.

Rather than spending a lot of time to try to find a magical two-sentence 
definition that everyone can agree on (which I doubt is feasible), I think the 
time would be better spent on refining how we define the set of attacks and 
mitigations against them, building on or fixing what’s in RFC 6973, possibly 
turning bits of that into a BCP, etc. The two sentences will not be directly 
actionable no matter what they say, whereas a comprehensive threat model and 
mitigations suite could be.

Alissa


> 
>> If we intend the term to have technical utility, it needs a precise and
>> useful definition.
> 
> It took some time to establish categories for security attacks -- denial of
> service, information disclosure, spoofing, elevation of privilege, etc. The
> analysis of privacy attacks is not quite as advanced, but we start getting
> broad categories, such as disclosure of the exchanged data, disclosure of
> metadata, linkability of different activities, and disclosure of traffic
> patterns. As we gain more experience, I expect that these categories will
> stabilize.
> 
> -- Christian Huitema
> 
> _______________________________________________
> ietf-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ietf-privacy
