From turners@ieca.com Tue Oct 18 08:40:45 2011 Return-Path: X-Original-To: privacydir@ietfa.amsl.com Delivered-To: privacydir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9155121F8A55 for ; Tue, 18 Oct 2011 08:40:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.349 X-Spam-Level: X-Spam-Status: No, score=-102.349 tagged_above=-999 required=5 tests=[AWL=-0.083, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xPJEBMrs7MEF for ; Tue, 18 Oct 2011 08:40:45 -0700 (PDT) Received: from gateway04.websitewelcome.com (gateway04.websitewelcome.com [67.18.125.4]) by ietfa.amsl.com (Postfix) with SMTP id EB24421F8A7B for ; Tue, 18 Oct 2011 08:40:44 -0700 (PDT) Received: (qmail 11976 invoked from network); 18 Oct 2011 15:39:42 -0000 Received: from gator1743.hostgator.com (184.173.253.227) by gateway04.websitewelcome.com with SMTP; 18 Oct 2011 15:39:42 -0000 Received: from [96.241.1.83] (port=48097 helo=thunderfish.local) by gator1743.hostgator.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from ) id 1RGBmV-0004xg-2u for privacydir@ietf.org; Tue, 18 Oct 2011 10:40:43 -0500 Message-ID: <4E9D9DFB.3070305@ieca.com> Date: Tue, 18 Oct 2011 11:40:43 -0400 From: Sean Turner User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 MIME-Version: 1.0 To: privacydir@ietf.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - gator1743.hostgator.com X-AntiAbuse: Original Domain - ietf.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - ieca.com X-BWhitelist: no X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: (thunderfish.local) [96.241.1.83]:48097 X-Source-Auth: sean.turner@ieca.com X-Email-Count: 16 X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IxNzQzLmhvc3RnYXRvci5jb20= Subject: [privacydir] draft-jdfalk-maawg-cfblbcp X-BeenThere: privacydir@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Privacy Directorate to develop the concept of privacy considerations for IETF specifications and to review internet-drafts for privacy considerations." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Oct 2011 15:40:45 -0000 I'm not sure if anybody else read the following draft: Complaint Feedback Loop Operational Recommendations http://datatracker.ietf.org/doc/draft-jdfalk-maawg-cfblbcp/ It's interesting that it has a privacy considerations and terms of use, which to me read somewhat (but not exactly) like what Hannes posted as the Fair Information Practices (FIPs) earlier this month on the IETF list, apply to the Feedback Provider (read ISP) and Feedback Consumer (read another ISP) but not to the End User who reported the Spam. Thoughts? spt From acooper@cdt.org Sun Oct 23 03:20:06 2011 Return-Path: X-Original-To: privacydir@ietfa.amsl.com Delivered-To: privacydir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D46721F8AEA for ; Sun, 23 Oct 2011 03:20:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.241 X-Spam-Level: X-Spam-Status: No, score=-102.241 tagged_above=-999 required=5 tests=[AWL=0.358, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J4uc5aKjcJ6o for ; Sun, 23 Oct 2011 03:20:06 -0700 (PDT) Received: from mail.maclaboratory.net (mail.maclaboratory.net [209.190.215.232]) by ietfa.amsl.com (Postfix) with ESMTP id E7B4021F8AE9 for ; Sun, 23 Oct 2011 03:20:05 -0700 (PDT) X-Footer: Y2R0Lm9yZw== Received: from localhost ([127.0.0.1]) by mail.maclaboratory.net (using TLSv1/SSLv3 with cipher AES128-SHA (128 bits)) for privacydir@ietf.org; Sun, 23 Oct 2011 06:19:40 -0400 From: Alissa Cooper Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Sun, 23 Oct 2011 11:19:39 +0100 References: <20111023084622.32271.98066.idtracker@ietfa.amsl.com> To: privacydir@ietf.org Message-Id: Mime-Version: 1.0 (Apple Message framework v1084) X-Mailer: Apple Mail (2.1084) Subject: [privacydir] Fwd: New Version Notification for draft-iab-privacy-considerations-01.txt X-BeenThere: privacydir@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Privacy Directorate to develop the concept of privacy considerations for IETF specifications and to review internet-drafts for privacy considerations." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Oct 2011 10:20:06 -0000 A new version of the privacy considerations document is available at = http://tools.ietf.org/html/draft-iab-privacy-considerations-01. There is = new guidance in section 4 that privacy reviewers might find helpful. It = is still in flux (see comments from various IAB members about how to = improve it [1]), but hopefully useful in its current form. If you have feedback about the guidance or the rest of the document, = please share with both iab@iab.org and ietf-privacy@ietf.org. Alissa [1] = http://trac.tools.ietf.org/group/iab/trac/query?component=3Ddraft-morris-p= rivacy-considerations&col=3Did&col=3Dsummary&col=3Dstatus&col=3Dtype&col=3D= priority&col=3Dmilestone&col=3Dcomponent&order=3Dpriority Begin forwarded message: > From: internet-drafts@ietf.org > Date: October 23, 2011 9:46:22 AM GMT+01:00 > To: acooper@cdt.org > Cc: hannes.tschofenig@gmx.net, ietf@jmorris.org, acooper@cdt.org, = bernarda@microsoft.com, jon.peterson@neustar.biz > Subject: New Version Notification for = draft-iab-privacy-considerations-01.txt >=20 > A new version of I-D, draft-iab-privacy-considerations-01.txt has been = successfully submitted by Alissa Cooper and posted to the IETF = repository. >=20 > Filename: draft-iab-privacy-considerations > Revision: 01 > Title: Privacy Considerations for Internet Protocols > Creation date: 2011-10-23 > WG ID: Individual Submission > Number of pages: 15 >=20 > Abstract: > This document offers guidance for developing privacy considerations > for IETF documents and aims to make protocol designers aware of > privacy-related design choices. >=20 > Discussion of this document is taking place on the IETF Privacy > Discussion mailing list (see > https://www.ietf.org/mailman/listinfo/ietf-privacy). >=20 >=20 >=20 >=20 > The IETF Secretariat >=20 From acooper@cdt.org Wed Oct 26 03:03:51 2011 Return-Path: X-Original-To: privacydir@ietfa.amsl.com Delivered-To: privacydir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6A7321F8AF9 for ; Wed, 26 Oct 2011 03:03:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.281 X-Spam-Level: X-Spam-Status: No, score=-102.281 tagged_above=-999 required=5 tests=[AWL=0.318, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fb+iaQeSJi9u for ; Wed, 26 Oct 2011 03:03:51 -0700 (PDT) Received: from mail.maclaboratory.net (mail.maclaboratory.net [209.190.215.232]) by ietfa.amsl.com (Postfix) with ESMTP id B4C6021F8A66 for ; Wed, 26 Oct 2011 03:03:47 -0700 (PDT) X-Footer: Y2R0Lm9yZw== Received: from localhost ([127.0.0.1]) by mail.maclaboratory.net (using TLSv1/SSLv3 with cipher AES128-SHA (128 bits)); Wed, 26 Oct 2011 06:03:36 -0400 Mime-Version: 1.0 (Apple Message framework v1084) Content-Type: text/plain; charset=us-ascii From: Alissa Cooper In-Reply-To: <4E9D9DFB.3070305@ieca.com> Date: Wed, 26 Oct 2011 04:03:35 -0600 Content-Transfer-Encoding: quoted-printable Message-Id: <351CA0DB-C195-4C71-8F39-24CC78885806@cdt.org> References: <4E9D9DFB.3070305@ieca.com> To: Sean Turner X-Mailer: Apple Mail (2.1084) Cc: privacydir@ietf.org Subject: Re: [privacydir] draft-jdfalk-maawg-cfblbcp X-BeenThere: privacydir@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Privacy Directorate to develop the concept of privacy considerations for IETF specifications and to review internet-drafts for privacy considerations." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Oct 2011 10:03:51 -0000 The two sections you mention do map to a subset of the FIPs -- = collection limitation, purpose specification, data quality, use = limitation, and openness to some extent (I'm using the OECD FIPS = available at = http://www.oecd.org/document/18/0,3746,en_2649_34255_1815186_1_1_1_1,00&&e= n-USS_01DBC.html#part2). But I agree with you that there are other = important ones missing, namely individual participation, which would = give Message Recipients the ability to control whether feedback gets = sent, and also openness vis a vis Message Recipients, which would allow = them to be informed about the fact that feedback gets sent when they hit = the 'report spam' button. To put it another way, I doubt that people = realize that when they click 'report spam' that a message goes back to = the spammer's mailbox provider, and this is something that they should = be able to find out and have decoupled from any local mail client = features associated with spam reporting (like sending the offending = message to a spam folder). The other missing FIPs are accountability (can Message Recipeints see = logs of feedback that has been sent in the past?) and security (not sure = this one is highly relevant here). Alissa On Oct 18, 2011, at 9:40 AM, Sean Turner wrote: > I'm not sure if anybody else read the following draft: > Complaint Feedback Loop Operational Recommendations > http://datatracker.ietf.org/doc/draft-jdfalk-maawg-cfblbcp/ >=20 > It's interesting that it has a privacy considerations and terms of = use, which to me read somewhat (but not exactly) like what Hannes posted = as the Fair Information Practices (FIPs) earlier this month on the IETF = list, apply to the Feedback Provider (read ISP) and Feedback Consumer = (read another ISP) but not to the End User who reported the Spam. >=20 > Thoughts? >=20 > spt > _______________________________________________ > privacydir mailing list > privacydir@ietf.org > https://www.ietf.org/mailman/listinfo/privacydir >=20 From turners@ieca.com Wed Oct 26 04:58:52 2011 Return-Path: X-Original-To: privacydir@ietfa.amsl.com Delivered-To: privacydir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AB6A21F8AD8 for ; Wed, 26 Oct 2011 04:58:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -101.115 X-Spam-Level: X-Spam-Status: No, score=-101.115 tagged_above=-999 required=5 tests=[AWL=-1.150, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, MANGLED_SPAM=2.3, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JixJhRs-H1ie for ; Wed, 26 Oct 2011 04:58:51 -0700 (PDT) Received: from gateway09.websitewelcome.com (gateway09.websitewelcome.com [67.18.44.5]) by ietfa.amsl.com (Postfix) with SMTP id 84B8521F89BA for ; Wed, 26 Oct 2011 04:58:51 -0700 (PDT) Received: (qmail 5806 invoked from network); 26 Oct 2011 11:55:11 -0000 Received: from gator1743.hostgator.com (184.173.253.227) by gateway09.websitewelcome.com with SMTP; 26 Oct 2011 11:55:11 -0000 Received: from [71.191.12.44] (port=39813 helo=thunderfish.local) by gator1743.hostgator.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from ) id 1RJ288-0002jT-Jf; Wed, 26 Oct 2011 06:58:49 -0500 Message-ID: <4EA7F5F8.7080006@ieca.com> Date: Wed, 26 Oct 2011 07:58:48 -0400 From: Sean Turner User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 MIME-Version: 1.0 To: Alissa Cooper References: <4E9D9DFB.3070305@ieca.com> <351CA0DB-C195-4C71-8F39-24CC78885806@cdt.org> In-Reply-To: <351CA0DB-C195-4C71-8F39-24CC78885806@cdt.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - gator1743.hostgator.com X-AntiAbuse: Original Domain - ietf.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - ieca.com X-BWhitelist: no X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: pool-71-191-12-44.washdc.east.verizon.net (thunderfish.local) [71.191.12.44]:39813 X-Source-Auth: sean.turner@ieca.com X-Email-Count: 6 X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IxNzQzLmhvc3RnYXRvci5jb20= Cc: privacydir@ietf.org Subject: Re: [privacydir] draft-jdfalk-maawg-cfblbcp X-BeenThere: privacydir@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Privacy Directorate to develop the concept of privacy considerations for IETF specifications and to review internet-drafts for privacy considerations." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Oct 2011 11:58:52 -0000 The rest of the story with this draft is that it's just a re-publication of a MAAWG document. MAAWG isn't an IETF WG. It's getting published without the "This is an IETF consensus document" sentence even though it went through IETF LC because MAAWG is going to retain change control. So, if we want to make any change to what's in this particular draft we'd have to go to MAAWG. However, when/if an IETF WG refers to this document (likely a MARF draft) - we'll make them address these concerns. spt On 10/26/11 6:03 AM, Alissa Cooper wrote: > The two sections you mention do map to a subset of the FIPs -- collection limitation, purpose specification, data quality, use limitation, and openness to some extent (I'm using the OECD FIPS available at http://www.oecd.org/document/18/0,3746,en_2649_34255_1815186_1_1_1_1,00&&en-USS_01DBC.html#part2). But I agree with you that there are other important ones missing, namely individual participation, which would give Message Recipients the ability to control whether feedback gets sent, and also openness vis a vis Message Recipients, which would allow them to be informed about the fact that feedback gets sent when they hit the 'report spam' button. To put it another way, I doubt that people realize that when they click 'report spam' that a message goes back to the spammer's mailbox provider, and this is something that they should be able to find out and have decoupled from any local mail client features associated with spam reporting (like sending the offending message to a s pam folder). > > The other missing FIPs are accountability (can Message Recipeints see logs of feedback that has been sent in the past?) and security (not sure this one is highly relevant here). > > Alissa > > On Oct 18, 2011, at 9:40 AM, Sean Turner wrote: > >> I'm not sure if anybody else read the following draft: >> Complaint Feedback Loop Operational Recommendations >> http://datatracker.ietf.org/doc/draft-jdfalk-maawg-cfblbcp/ >> >> It's interesting that it has a privacy considerations and terms of use, which to me read somewhat (but not exactly) like what Hannes posted as the Fair Information Practices (FIPs) earlier this month on the IETF list, apply to the Feedback Provider (read ISP) and Feedback Consumer (read another ISP) but not to the End User who reported the Spam. >> >> Thoughts? >> >> spt >> _______________________________________________ >> privacydir mailing list >> privacydir@ietf.org >> https://www.ietf.org/mailman/listinfo/privacydir >> > > > From turners@ieca.com Wed Oct 26 07:34:20 2011 Return-Path: X-Original-To: privacydir@ietfa.amsl.com Delivered-To: privacydir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92E6B21F8B55 for ; Wed, 26 Oct 2011 07:34:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -101.978 X-Spam-Level: X-Spam-Status: No, score=-101.978 tagged_above=-999 required=5 tests=[AWL=0.288, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 38weyjgA1SY4 for ; Wed, 26 Oct 2011 07:34:20 -0700 (PDT) Received: from gateway14.websitewelcome.com (gateway14.websitewelcome.com [67.18.7.4]) by ietfa.amsl.com (Postfix) with SMTP id E0BA221F8B4C for ; Wed, 26 Oct 2011 07:34:19 -0700 (PDT) Received: (qmail 32762 invoked from network); 26 Oct 2011 14:43:19 -0000 Received: from gator1743.hostgator.com (184.173.253.227) by gateway14.websitewelcome.com with SMTP; 26 Oct 2011 14:43:19 -0000 Received: from [71.191.4.220] (port=42269 helo=thunderfish.local) by gator1743.hostgator.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from ) id 1RJ4Yb-0005PG-7Q for privacydir@ietf.org; Wed, 26 Oct 2011 09:34:17 -0500 Message-ID: <4EA81A69.4090505@ieca.com> Date: Wed, 26 Oct 2011 10:34:17 -0400 From: Sean Turner User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 MIME-Version: 1.0 To: privacydir@ietf.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - gator1743.hostgator.com X-AntiAbuse: Original Domain - ietf.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - ieca.com X-BWhitelist: no X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: pool-71-191-4-220.washdc.east.verizon.net (thunderfish.local) [71.191.4.220]:42269 X-Source-Auth: sean.turner@ieca.com X-Email-Count: 2 X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IxNzQzLmhvc3RnYXRvci5jb20= Subject: [privacydir] draft-ietf-vcarddav-birth-death-extensions X-BeenThere: privacydir@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Privacy Directorate to develop the concept of privacy considerations for IETF specifications and to review internet-drafts for privacy considerations." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Oct 2011 14:34:20 -0000 The following draft is on the IESG telechat for next week: http://datatracker.ietf.org/doc/draft-ietf-vcarddav-birth-death-extensions/ Does anybody know of where to find some generic privacy guidelines for vCard? Personally, I'd never fire around POB in a vCard, but a lot of people do shoot around all kinds of things in vCards. spt From stephen.farrell@cs.tcd.ie Thu Oct 27 09:07:22 2011 Return-Path: X-Original-To: privacydir@ietfa.amsl.com Delivered-To: privacydir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2815321F8C0A for ; Thu, 27 Oct 2011 09:07:22 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.599 X-Spam-Level: X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XGR+Ss-xSWla for ; Thu, 27 Oct 2011 09:07:21 -0700 (PDT) Received: from scss.tcd.ie (hermes.cs.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id 7C96321F8C06 for ; Thu, 27 Oct 2011 09:07:21 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id E4C43171C6D for ; Thu, 27 Oct 2011 17:07:20 +0100 (IST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:subject:mime-version :user-agent:from:date:message-id:received:received: x-virus-scanned; s=cs; t=1319731640; bh=xcO73JWfDOTME7aJDyQMooGv dvXJ7EPXr3jww4NLyNA=; b=Ht6J3I1KFUvKoBPrmt1HCndbMICUptFhL+Rl2hRZ OD2IIsQi8JlrLN+1OQVGfhL0YyV+xNl3F2dQXzONvKZO9uqhrX1wFagQ2fnixNHA ZJzxpIJGW98vmT8u5EIBFW1BwQDTCc6D24wt3b/VOFPC/fBIogsCxNL1DxpUn9LE De/ekdZuz+yXWXaLB8p/zbphFlIz04j2gEhVrRChy50eimFIzU3TTNFTyI+ZG8dJ Uwo73f5xtpGMUftwjRii+7+5AUxFYOtRNDNQwbfq3HAiryfqv+XjQ9+JHG7ADBwj Uy+Cq/6wvKZQO7iUUMgAuTH5U4aXkwAgFK0wxt7t8GuqLQ== X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id lPgH+SQb0uNa for ; Thu, 27 Oct 2011 17:07:20 +0100 (IST) Received: from [IPv6:2001:770:10:203:a288:b4ff:fe9c:bc5c] (unknown [IPv6:2001:770:10:203:a288:b4ff:fe9c:bc5c]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 890AB171C17 for ; Thu, 27 Oct 2011 17:07:20 +0100 (IST) Message-ID: <4EA981A9.2080200@cs.tcd.ie> Date: Thu, 27 Oct 2011 17:07:05 +0100 From: Stephen Farrell User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 MIME-Version: 1.0 To: privacydir@ietf.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: [privacydir] request for a SAVI doc review X-BeenThere: privacydir@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Privacy Directorate to develop the concept of privacy considerations for IETF specifications and to review internet-drafts for privacy considerations." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Oct 2011 16:07:22 -0000 Hi, There's a SAVI document [1] on the Nov 3 telechat. I'd appreciate a review of that from a privacy perspective if someone has the time in the next week. (Just reply to this if you've time.) Previous SAVI documents have generated privacy related DISCUSSes [2,3] which may be useful background. Thanks in advance, S. [1] https://datatracker.ietf.org/doc/draft-ietf-savi-framework/ [2] https://datatracker.ietf.org/doc/draft-ietf-savi-fcfs/ [3] https://datatracker.ietf.org/doc/draft-ietf-savi-threat-scope/ From ted.ietf@gmail.com Thu Oct 27 11:52:36 2011 Return-Path: X-Original-To: privacydir@ietfa.amsl.com Delivered-To: privacydir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A1BA21F8B67 for ; Thu, 27 Oct 2011 11:52:36 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.545 X-Spam-Level: X-Spam-Status: No, score=-2.545 tagged_above=-999 required=5 tests=[AWL=-0.613, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, SARE_HTML_USL_OBFU=1.666] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9D4Se-y3KlR9 for ; Thu, 27 Oct 2011 11:52:36 -0700 (PDT) Received: from mail-gx0-f172.google.com (mail-gx0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id D41EC21F8B62 for ; Thu, 27 Oct 2011 11:52:32 -0700 (PDT) Received: by ggnv1 with SMTP id v1so3455455ggn.31 for ; Thu, 27 Oct 2011 11:52:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=7/mrlODdYwUPMkJEwXJgWYaoqzDjhpknN7FH1JD3hG4=; b=YF4qp0UWdwlJeA7vovtngiYhNeeHfOTfG9cts5qsUEcziIQRyW4C/1CvCHPZUFffBi B9EtzsksEKyGHhDWB3HWj0TPLZ49fEDH2FBxKHBFSQORWVBMEEuUEQtbIqzaKZ8UTBPr zRhRZ+eWU44kQQCXKt9U2UfLsfWct2Uw+e1f8= MIME-Version: 1.0 Received: by 10.236.124.17 with SMTP id w17mr39388124yhh.126.1319741550320; Thu, 27 Oct 2011 11:52:30 -0700 (PDT) Received: by 10.236.105.169 with HTTP; Thu, 27 Oct 2011 11:52:30 -0700 (PDT) In-Reply-To: <4EA981A9.2080200@cs.tcd.ie> References: <4EA981A9.2080200@cs.tcd.ie> Date: Thu, 27 Oct 2011 11:52:30 -0700 Message-ID: From: Ted Hardie To: Stephen Farrell Content-Type: multipart/alternative; boundary=20cf300e4fbf4d5c0404b04c4625 Cc: privacydir@ietf.org Subject: Re: [privacydir] request for a SAVI doc review X-BeenThere: privacydir@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Privacy Directorate to develop the concept of privacy considerations for IETF specifications and to review internet-drafts for privacy considerations." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Oct 2011 18:52:36 -0000 --20cf300e4fbf4d5c0404b04c4625 Content-Type: text/plain; charset=ISO-8859-1 I can take a look at it, but someone else from a different part of the stack might be a good idea. Any other volunteers? Ted On Thu, Oct 27, 2011 at 9:07 AM, Stephen Farrell wrote: > > Hi, > > There's a SAVI document [1] on the Nov 3 telechat. I'd appreciate > a review of that from a privacy perspective if someone has the > time in the next week. (Just reply to this if you've time.) > > Previous SAVI documents have generated privacy related > DISCUSSes [2,3] which may be useful background. > > Thanks in advance, > S. > > [1] https://datatracker.ietf.org/**doc/draft-ietf-savi-framework/ > [2] https://datatracker.ietf.org/**doc/draft-ietf-savi-fcfs/ > [3] https://datatracker.ietf.org/**doc/draft-ietf-savi-threat-**scope/ > > ______________________________**_________________ > privacydir mailing list > privacydir@ietf.org > https://www.ietf.org/mailman/**listinfo/privacydir > --20cf300e4fbf4d5c0404b04c4625 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable I can take a look at it, but someone else from a different part of the stac= k might be a good idea.

Any other volunteers?

Ted

On Thu, Oct 27, 2011 at 9:07 AM, Stephen Farrell <stephen.far= rell@cs.tcd.ie> wrote:

Hi,

There's a SAVI document [1] on the Nov 3 telechat. I'd appreciate a review of that from a privacy perspective if someone has the
time in the next week. (Just reply to this if you've time.)

Previous SAVI documents have generated privacy related
DISCUSSes [2,3] which may be useful background.

Thanks in advance,
S.

[1] https://datatracker.ietf.org/doc/draft-ietf-savi-= framework/
[2] https://datatracker.ietf.org/doc/draft-ietf-savi-fcfs/=
[3] https://datatracker.ietf.org/doc/draft-ietf-sa= vi-threat-scope/

_______________________________________________
privacydir mailing list
privacydir@ietf.or= g
https://www.ietf.org/mailman/listinfo/privacydir

--20cf300e4fbf4d5c0404b04c4625-- From rbarnes@bbn.com Thu Oct 27 13:52:49 2011 Return-Path: X-Original-To: privacydir@ietfa.amsl.com Delivered-To: privacydir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E7A921F8BA9 for ; Thu, 27 Oct 2011 13:52:49 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -106.599 X-Spam-Level: X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wlo2hlL2lO-h for ; Thu, 27 Oct 2011 13:52:48 -0700 (PDT) Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id BCC8921F8BA8 for ; Thu, 27 Oct 2011 13:52:48 -0700 (PDT) Received: from [128.89.254.206] (port=50600 helo=[192.168.100.105]) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.74 (FreeBSD)) (envelope-from ) id 1RJWwQ-0004YW-Rs; Thu, 27 Oct 2011 16:52:47 -0400 Mime-Version: 1.0 (Apple Message framework v1084) Content-Type: text/plain; charset=us-ascii From: "Richard L. Barnes" In-Reply-To: Date: Thu, 27 Oct 2011 16:52:44 -0400 Content-Transfer-Encoding: quoted-printable Message-Id: References: <4EA981A9.2080200@cs.tcd.ie> To: Ted Hardie X-Mailer: Apple Mail (2.1084) Cc: privacydir@ietf.org Subject: Re: [privacydir] request for a SAVI doc review X-BeenThere: privacydir@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Privacy Directorate to develop the concept of privacy considerations for IETF specifications and to review internet-drafts for privacy considerations." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Oct 2011 20:52:49 -0000 I already did a review of draft-ietf-savi-threat-scope back in June, = which noted some major issues: The document has not been updated since then, so those comments stand. --Richard On Oct 27, 2011, at 2:52 PM, Ted Hardie wrote: > I can take a look at it, but someone else from a different part of the = stack might be a good idea. >=20 > Any other volunteers? >=20 > Ted >=20 > On Thu, Oct 27, 2011 at 9:07 AM, Stephen Farrell = wrote: >=20 > Hi, >=20 > There's a SAVI document [1] on the Nov 3 telechat. I'd appreciate > a review of that from a privacy perspective if someone has the > time in the next week. (Just reply to this if you've time.) >=20 > Previous SAVI documents have generated privacy related > DISCUSSes [2,3] which may be useful background. >=20 > Thanks in advance, > S. >=20 > [1] https://datatracker.ietf.org/doc/draft-ietf-savi-framework/ > [2] https://datatracker.ietf.org/doc/draft-ietf-savi-fcfs/ > [3] https://datatracker.ietf.org/doc/draft-ietf-savi-threat-scope/ >=20 > _______________________________________________ > privacydir mailing list > privacydir@ietf.org > https://www.ietf.org/mailman/listinfo/privacydir >=20 > _______________________________________________ > privacydir mailing list > privacydir@ietf.org > https://www.ietf.org/mailman/listinfo/privacydir From ted.ietf@gmail.com Mon Oct 31 13:08:00 2011 Return-Path: X-Original-To: privacydir@ietfa.amsl.com Delivered-To: privacydir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7FE911E81F3 for ; Mon, 31 Oct 2011 13:08:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.516 X-Spam-Level: X-Spam-Status: No, score=-2.516 tagged_above=-999 required=5 tests=[AWL=-0.584, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, SARE_HTML_USL_OBFU=1.666] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nVRMKUVnEO7Z for ; Mon, 31 Oct 2011 13:08:00 -0700 (PDT) Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id A523411E81ED for ; Mon, 31 Oct 2011 13:07:55 -0700 (PDT) Received: by gyh20 with SMTP id 20so7535242gyh.31 for ; Mon, 31 Oct 2011 13:07:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=LNBTyLWqu7JF07R4ZZe8mHtuV2yeWO0mCjn383MsYbI=; b=V9DQWaKTPKVvPk4XPpHZyFpHTJXNqA+vh0DkGOcfuVi/M7KDxAOhmanhXRegKSPDcM xSVkCiBc1/qtdY2ApxvQ654ER/oncCjzF1H0FekX0rRlDJVe2WiBiID7/BvUpjC+BPbS 6yO/61qbQQyuFz6+bLPOGqH7Pm5VYwETxvB5w= MIME-Version: 1.0 Received: by 10.236.72.132 with SMTP id t4mr18693889yhd.58.1320091675264; Mon, 31 Oct 2011 13:07:55 -0700 (PDT) Received: by 10.236.105.169 with HTTP; Mon, 31 Oct 2011 13:07:55 -0700 (PDT) In-Reply-To: <4EA981A9.2080200@cs.tcd.ie> References: <4EA981A9.2080200@cs.tcd.ie> Date: Mon, 31 Oct 2011 13:07:55 -0700 Message-ID: From: Ted Hardie To: Stephen Farrell Content-Type: multipart/alternative; boundary=20cf300510406005e204b09dcb0a Cc: privacydir@ietf.org Subject: Re: [privacydir] request for a SAVI doc review X-BeenThere: privacydir@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Privacy Directorate to develop the concept of privacy considerations for IETF specifications and to review internet-drafts for privacy considerations." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Oct 2011 20:08:00 -0000 --20cf300510406005e204b09dcb0a Content-Type: text/plain; charset=ISO-8859-1 Hi Stephen, I've read through the framework document. My baseline impression is that the document makes a presumption about the relationship between the host and the network employing SAVI that is true when it is the access network (that is, the network assigning the IP address to be verified). In that deployment scenario, it is expected for the network to be able to associate layer two identifiers with the layer 3 identifier (after all, it must to be able to deliver return traffic). What's not clear to the naive reader (read: me) is how you prevent SAVI from operating from other parts of the network; that is, how does the overall framework guard against SAVI being used by some later network on-path getting access to these bindings? I assume that this is detailed elsewhere in the protocol documents, but I believe a short discussion of the privacy threat in framework, along with a pointer to the protocol mechanism would be valuable. If the expectation is that SAVI can operate from multiple places in the network (including, say, the destination network), then I believe there is a more serious privacy concern. regards, Ted Hardie On Thu, Oct 27, 2011 at 9:07 AM, Stephen Farrell wrote: > > Hi, > > There's a SAVI document [1] on the Nov 3 telechat. I'd appreciate > a review of that from a privacy perspective if someone has the > time in the next week. (Just reply to this if you've time.) > > Previous SAVI documents have generated privacy related > DISCUSSes [2,3] which may be useful background. > > Thanks in advance, > S. > > [1] https://datatracker.ietf.org/**doc/draft-ietf-savi-framework/ > [2] https://datatracker.ietf.org/**doc/draft-ietf-savi-fcfs/ > [3] https://datatracker.ietf.org/**doc/draft-ietf-savi-threat-**scope/ > > ______________________________**_________________ > privacydir mailing list > privacydir@ietf.org > https://www.ietf.org/mailman/**listinfo/privacydir > --20cf300510406005e204b09dcb0a Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi Stephen,

I've read through the framework document.=A0 My base= line impression is that the document makes a presumption about the relation= ship between the host and the network employing SAVI that is true when it i= s the access network (that is, the network assigning the IP address to be v= erified).=A0 In that deployment scenario, it is expected for the network to= be able to associate layer two identifiers with the layer 3 identifier (af= ter all, it must to be able to deliver return traffic).=A0

What's not clear to the naive reader (read: me) is how you prevent = SAVI from operating from other parts of the network; that is, how does the = overall framework guard against SAVI being used by some later network on-pa= th getting access to these bindings? I assume that this is detailed elsewhe= re in the protocol documents, but I believe a short discussion of the priva= cy threat in framework, along with a pointer to the protocol mechanism woul= d be valuable.

If the expectation is that SAVI can operate from multiple places in the= network (including, say, the destination network), then I believe there is= a more serious privacy concern.

regards,

Ted Hardie

On Thu, Oct 27, 2011 at 9:07 AM, Stephen Farrell= <stephen= .farrell@cs.tcd.ie> wrote:

Hi,

There's a SAVI document [1] on the Nov 3 telechat. I'd appreciate a review of that from a privacy perspective if someone has the
time in the next week. (Just reply to this if you've time.)

Previous SAVI documents have generated privacy related
DISCUSSes [2,3] which may be useful background.

Thanks in advance,
S.

[1] https://datatracker.ietf.org/doc/draft-ietf-savi-= framework/
[2] https://datatracker.ietf.org/doc/draft-ietf-savi-fcfs/=
[3] https://datatracker.ietf.org/doc/draft-ietf-sa= vi-threat-scope/

_______________________________________________
privacydir mailing list
privacydir@ietf.or= g
https://www.ietf.org/mailman/listinfo/privacydir

--20cf300510406005e204b09dcb0a-- From stephen.farrell@cs.tcd.ie Mon Oct 31 17:15:59 2011 Return-Path: X-Original-To: privacydir@ietfa.amsl.com Delivered-To: privacydir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B234E1F0D9F for ; Mon, 31 Oct 2011 17:15:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.599 X-Spam-Level: X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YYTWWuJoA7kA for ; Mon, 31 Oct 2011 17:15:58 -0700 (PDT) Received: from scss.tcd.ie (hermes.cs.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id 43F9D1F0C44 for ; Mon, 31 Oct 2011 17:15:52 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 7F031171C6D; Tue, 1 Nov 2011 00:15:51 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1320106551; bh=6GoWc4ADQ1m1j5 N7q8f+T+oXGj4Z1SxcrckHtfgbwRk=; b=xRmYNleEYv1CUWHtkuazTfzGx3ujTx LCghQsONClD9920bxE6tapTwTR2VBFKFCOudZraA10jMZLC0iTB+valyPLI8/V4Y FV//EUTzMW2InG3r/arjq6AzLzfT+9YTBoLN9N3XfDRQH71hbr9lDhK3Q44hIE6G O+9L9Of6uCg3Ai+Dv9jvRNtMtSMkFjftA6HaJ6US0YIlfDeRHdoaDhG0ekmaYgh5 +B2GZCU6azppy9F7LzNiUSvUFvvRu813YLWNYczBUJgmWlt9tQsZvdrMJkKOuN3b E5V6+v3P3pfCeOIeNmMzAJukfEjCJ1lP6++7KrgKAYdWkEbPnm3Bs0VQ== X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id IpXyjEExtksx; Tue, 1 Nov 2011 00:15:51 +0000 (GMT) Received: from [10.87.48.5] (unknown [86.42.178.151]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 04829171C00; Tue, 1 Nov 2011 00:15:50 +0000 (GMT) Message-ID: <4EAF3A36.1050406@cs.tcd.ie> Date: Tue, 01 Nov 2011 00:15:50 +0000 From: Stephen Farrell User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 MIME-Version: 1.0 To: Ted Hardie References: <4EA981A9.2080200@cs.tcd.ie> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: privacydir@ietf.org Subject: Re: [privacydir] request for a SAVI doc review X-BeenThere: privacydir@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Privacy Directorate to develop the concept of privacy considerations for IETF specifications and to review internet-drafts for privacy considerations." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Nov 2011 00:15:59 -0000 Ted, Thanks for that, the insight is helpful. Cheers, S. On 10/31/2011 08:07 PM, Ted Hardie wrote: > Hi Stephen, > > I've read through the framework document. My baseline impression is that > the document makes a presumption about the relationship between the host > and the network employing SAVI that is true when it is the access network > (that is, the network assigning the IP address to be verified). In that > deployment scenario, it is expected for the network to be able to associate > layer two identifiers with the layer 3 identifier (after all, it must to be > able to deliver return traffic). > > What's not clear to the naive reader (read: me) is how you prevent SAVI > from operating from other parts of the network; that is, how does the > overall framework guard against SAVI being used by some later network > on-path getting access to these bindings? I assume that this is detailed > elsewhere in the protocol documents, but I believe a short discussion of > the privacy threat in framework, along with a pointer to the protocol > mechanism would be valuable. > > If the expectation is that SAVI can operate from multiple places in the > network (including, say, the destination network), then I believe there is > a more serious privacy concern. > > regards, > > Ted Hardie > > On Thu, Oct 27, 2011 at 9:07 AM, Stephen Farrell > wrote: > >> >> Hi, >> >> There's a SAVI document [1] on the Nov 3 telechat. I'd appreciate >> a review of that from a privacy perspective if someone has the >> time in the next week. (Just reply to this if you've time.) >> >> Previous SAVI documents have generated privacy related >> DISCUSSes [2,3] which may be useful background. >> >> Thanks in advance, >> S. >> >> [1] https://datatracker.ietf.org/**doc/draft-ietf-savi-framework/ >> [2] https://datatracker.ietf.org/**doc/draft-ietf-savi-fcfs/ >> [3] https://datatracker.ietf.org/**doc/draft-ietf-savi-threat-**scope/ >> >> ______________________________**_________________ >> privacydir mailing list >> privacydir@ietf.org >> https://www.ietf.org/mailman/**listinfo/privacydir >> >