On 01/14/2014 10:00 PM, Melinda Shore wrote: > On 1/14/14 12:45 PM, Fred Baker (fred) wrote: >> So the question in the shepherd's report should not be "tell me you >> thought about the EU Data Retention Initiative and whether your >> protocol's data identifies an individual". It should be "what >> personal, equipment, or session identifiers, encrypted or otherwise, >> are carried in your protocol? How might they be correlated with >> offline data or otherwise used to infer the identity or behavior of >> an individual?" > > I agree - I think this is a useful framing, beyond the question > of actual traffic inspection. It's pretty clear that there's > been a lot of data mining, as well, and we haven't thought very > carefully about what we may be leaking inadvertently. This is > particularly a concern as efforts like geonet start to ramp > up.
I do like the idea that shepherds would report on this topic (or more generally on security and privacy) in their write-ups, but have a genetic dislike of the way we used to have a 1000-point questionnaire for shepherds to fill in. And a lot of the current shepherd write-ups we get tend to be out of date wrt e.g. IPR so I'm pretty convinced that we shouldn't hardcode shepherd write-ups into RFCs on this topic, since that level of process is liable to change relatively often. OTOH, as a "new" thing for WGs to consider, it might be quite useful if shepherds are prompted to not forget about pervasive monitoring. So I'm in two minds here really. I figure that this is something where we'll have to learn as we go. Maybe we should look at a tool that randomly (but not uniformly randomly) picks a small number of hard questions from a long list and asks the shepherd to answer those. Sort of a write-up bingo;-) I'd be interested if someone wanted to start work on some WG-chair/shepherd guidance for how to consider pervasive monitoring. That'd likely take a while to get baked, and would maybe end up not (just) as an RFC, but as training material and/or an IESG statement or something, but could easily start as an I-D. Any takers? S _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
