Hi Linus,
thanks for your review. I have taken your comments into account and have
updated the document accordingly. Here is the new version:
https://github.com/hannestschofenig/tschofenig-ids/blob/master/surveillance/draft-tschofenig-perpass-surveillance-01.txt
Regarding the question about meta-data vs. actual content, I believe that
is the subject of a separate document, namely the one that Brian Trammell
wrote.
The other thing is that I wanted to keep it at a high level since the
document is only supposed to provide an introduction to the plenary.
Ciao
Hannes
On 10/23/2013 09:57 AM, Linus Nordberg wrote:
Hi Hannes,
Thanks for writing draft-tschofenig-perpass-surveillance-00. I wish I
could muster the powers needed to make text.
Generally, I lack information about what's often called meta-data or
traffic data and the key issue here -- linkability. I don't really know
what I want to say here. I started a private thread with Stephen about a
month ago but then dropped the ball. It's quite broad and I don't know
how to tackle it really.
Should 2.2 mention IPv4? Widely (heh) deployed protocol leaking
meta-data by design. I think it should be touched upon even if we don't
expect changes to it. Maybe that's exactly why we must mention it
somewhere -- some people do not grasp it while others might be hesitant
to touch the issue. IPv6 is another one. I bet there are more.
Typos and other minor things.
- Is the expire date 2014-04-24 correct?
- 2.1. s/a a/a/1
- 2.1. s/'crypto-aglity'/'crypto-agility'/1
- 2.2. s/exploided/exploited/1
- 2.4. last sentence "With the juridiction [...]" needs some love.
- 3. copied from another document
- 6. [10] and [11], swap Nadia and IETF
Http vs https. (Flogging a dead horse?)
- 6. the following urls could and should be https rather than http:
http://packetstormsecurity.com/files/105499/Browser-Exploit-Against-SSL-TLS.html
http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
http://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters
- 6. (and other places) the following urls should be https even if they
redirect to https, both for educational reasons and for security/privacy
(not leaking the full url, not having to trust that a hijacker doesn't
eat the redirect):
http://www.ietf.org/mail-archive/web/perpass/current/maillist.html
http://datatracker.ietf.org/drafts/current/
- 6. (and other places) the following urls should have a warning about
not being https or perhaps have their content mirrored on a site
providing https (with a proper certificate):
http://boingboing.net/2013/08/05/anti-tor-malware-reported-back.html
http://fileperms.org/whatsapp-is-broken-really-broken/ (bad certificate)
http://www.wired.com/threatlevel/2013/09/nsa-router-hacking/ (bad certificate)
http://www.tschofenig.priv.at (bad certificate)
http://trustee.ietf.org/license-info (404)