Hi Brian, Thanks for your comments.
On Sep 23, 2013, at 3:40 AM, Brian Trammell <[email protected]> wrote: > hi Stephen, all, > > (copying ietf-privacy as requested in the draft) > > I've read the draft; it's a very good and welcome start at extending 6973 to > a set of concrete recommendations for protocol design. I've got one comment > on opportunistic encryption, though: > > In section 3, halfway down the page: "...at minimum, opportunistic encryption > needs to be well-defined for almost all new IETF standards track protocols." > > I understand the rationale behind that "almost", but the lines around it will > need to be very clearly drawn. On brief consideration, I cannot think of a > single _new_ protocol for which opportunistic encryption shouldn't be the > default, for reasons other than interoperability with an existing protocol > that has a significant installed base. Even in such cases, I think it would > be useful to be very clear that communication in the clear for > interoperability is an exception, a "legacy" mode, "to be deprecated", or > other not-very-happy-sounding words that mean "we realize we're stuck with it > in this case but that's really no excuse." I have not been super comfortable with the "almost" either. I've been thinking instead of something like: "As a consequence, at minimum, opportunistic encryption needs to be well-defined for new IETF standards track protocols. This requirement may be waved only in exceptional circumstances where the protocol's utility would be eliminated or severely diminished if opportunistic encryption were defined." > > The information radiated even from protocols which have no obvious connection > with personal data can be correlated with other information which can paint a > very rich behavioral picture, that only takes one unprotected link in the > chain to associate with an identity. Opportunistic encryption everywhere > reduces the content of this radiated information, as well as reducing the > risk of unprotected links holding some associable identifier. So exceptions > will have to be very well justified if an aim of this work is protection of > privacy against pervasive surveillance. I'm not ready to ink this on my skin, but it does seem like good text to add to the document, with minimal tweaks. :) Alissa > > Cheers, > > Brian > > On Sep 20, 2013, at 6:36 PM, Stephen Farrell <[email protected]> > wrote: > >> >> FYI. Comments welcome. >> >> S. >> >> >> -------- Original Message -------- >> Subject: New Version Notification for >> draft-cooper-ietf-privacy-requirements-00.txt >> Date: Fri, 20 Sep 2013 09:23:52 -0700 >> From: [email protected] >> To: Alissa Cooper <[email protected]>, Sean Turner <[email protected]>, >> Stephen Farrell <[email protected]> >> >> >> A new version of I-D, draft-cooper-ietf-privacy-requirements-00.txt >> has been successfully submitted by Alissa Cooper and posted to the >> IETF repository. >> >> Filename: draft-cooper-ietf-privacy-requirements >> Revision: 00 >> Title: Privacy Requirements for IETF Protocols >> Creation date: 2013-09-20 >> Group: Individual Submission >> Number of pages: 11 >> URL: >> http://www.ietf.org/internet-drafts/draft-cooper-ietf-privacy-requirements-00.txt >> Status: >> http://datatracker.ietf.org/doc/draft-cooper-ietf-privacy-requirements >> Htmlized: >> http://tools.ietf.org/html/draft-cooper-ietf-privacy-requirements-00 >> >> >> Abstract: >> It is the consensus of the IETF that IETF protocols be designed to >> avoid privacy violations to the extent possible. This document >> establishes a number of protocol design choices as Best Current >> Practices for the purpose of avoiding such violations. >> >> >> >> >> >> Please note that it may take a couple of minutes from the time of submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> The IETF Secretariat >> >> >> >> _______________________________________________ >> perpass mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/perpass > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
