Nick Doty <[email protected]> [2016-05-05 18:10:05 -0700]:
I do tend to agree with the conclusion that as a result we shouldn't be using "privacy" as a technical term on its own. Sentences in specs of the form "Feature X undermines privacy" or "Feature Y provides privacy to the end user" are either inappropriate, or more likely, incomplete. Instead: "Feature Y supports privacy by providing unlinkability of traffic between requests".
+1I feel thinking in terms of characteristics of privacy, rather than "privacy" is useful, since it helps us move beyond the idea that privacy is an unqualified good, to viewing it as a set of characteristics that should be considered with seriousness during protocol design.
For instance: Anonymous communication mechanisms (a privacy characteristic) allow people to avoid detection while publishing confidential third-party communications (another privacy characteristic). That violation of privacy is not something that can be tackled at a protocol level. However, that to me demonstrates that there may potentially be inherent trade-offs and conflicts, even within various privacy characteristics. Hence, viewing "privacy" as a singular idea makes no sense to me.
It might still be useful to refine a short definition that can be cited to speed up conversations on privacy at IETF or help in scoping work; NIST, for example, has been trying to come up with privacy engineering objectives analogous to the C-I-A triad for security.
Given the above, I don't see why a short definition is required or how it would be helpful. Perhaps my problem is with the word "definition", while, on the other hand, listing a set of "characteristics" or "categories" is what would be useful (and perhaps that is what was meant).
~ Pranesh -- Pranesh Prakash Policy Director, Centre for Internet and Society http://cis-india.org | tel:+91 80 40926283 sip:[email protected] | xmpp:[email protected] https://twitter.com/pranesh
signature.asc
Description: OpenPGP digital signature
_______________________________________________ ietf-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-privacy
