Protocol Privacy Considerations Russ Housley IETF Chair 8 December 2010.


2. Definition of Privacy
- RFC 2828 has a reasonable definition of privacy:

  $ privacy
  (I) The right of an entity (normally a person), acting in its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share information about itself with others. (See: anonymity.)
  (O) "The right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed." [I7498 Part 2]

3. Security Considerations
- RFC 2223 (and RFC 1543 before it) provides Instructions to RFC Authors; it requires a Security Considerations section in all RFCs
- But, neither RFC provides much guidance: “All RFCs must contain a section near the end of the document that discusses the security considerations of the protocol or procedures that are the main topic of the RFC.”

4. Interpretation: 1st SEC AD
At the time, I think my view of “privacy” was that it was one of the several attributes to be included within “security” though I realize that’s not how it’s viewed today and may not have been the shared view even then.

5. Interpretation: 2nd SEC AD
Compared to privacy, security is trivial. Most people have some sense of what security means, and we even have some definitions and particulars. Privacy, by comparison, is a much more subjective and cultural topic. What we mean by and the boundaries of privacy vary greatly among cultures. A lot of what we think of as privacy can fall under the security umbrella, and the stuff that does is rarely if ever controversial. However the stuff that doesn't fit there is where controversy begins.

6. Interpretation: Consensus
- RFC 3552 / BCP 72 on Guidelines for Writing RFC Text on Security Considerations does not really address privacy considerations
- This is as close as it gets: “In general, the goal of a passive attack is to obtain information which the sender and receiver would prefer to remain private. This private information may include credentials useful in the electronic world and/or passwords or credentials useful in the outside world, such as confidential business information.”

7. Supportive IETF Culture Evolved
- Security Tutorial on Sunday of IETF meeting has raised awareness
- Security Directorate (SecDir) does review during IETF Last Call of every document
  - Includes RFC 3552-related review
- Security Advisers assigned to WG when SEC ADs are aware of a need
  - Only successful very early in WG life cycle

8. Privacy Considerations
- IETF participants can fruitfully talk about aspects of protocols that do not offer individuals opportunity to control what information related to them is disclosed
- We ought to write them down

9. Discussion …
Russ Housley
Phone: