On 9/9/2013 8:58 AM, Stephen Farrell wrote:
a) suggestions as to how to best use some face-to-face time,
On this list or the plenary or both: List topics worthy of pursuit;
develop the explanation of them as much as possible. Hence, avoid
tutorials during the BOF.
So, use the BOF to debate priorities and possible lines of development.
I'll suggest a baseline and then three major 'bins' to put topics into,
and they probably can be explored in parallel:
0. Establish the Baseline
In effect, this would be documenting real-world exposures, based on
operational data and not just conjecture. What are the actual threats
that are relevant here?
I'd also lobby for settling on a definition of privacy that helps
us pursue the current concerns. I couldn't convince the authors of RFC
6973 to choose a definition, but still feel that an effort claiming to
be about privacy needs to define it in technical and/or operational terms.
1. Implementation & Deployment Cleanup
Some problems are due to poor implementation of otherwise-well
documented and understood issues. For example, I've heard that random
number generation is one of those, with failures to fully appreciate RFC
1750. IETF work could be to:
a) document common implementation problems and their best fixes;
b) BCP(s) for integrated deployment of the relevant capabilities;
that is, noting all the necessary pieces and how they fit together, to
mitigate specific privacy-related concerns.
2. Component Robustness
For pieces of relevant technology, such as specific functional
algorithms:
a) review relevant IETF docs for sufficiency and tweak or replace
where needed;
b) identify missing components and develop them.
3. Internet-Scale Systems Issues
Document end-to-end privacy-related concerns and specify the
integrated set of mechanisms that will reasonably mitigate them. Here's
where concern about compromised intermediaries would factor in, for
example; TLS is useless for that, for any intermediary at, or above,
transport level. Another line would be meta-data vs. content analysis.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
