Brian E Carpenter wrote:
Hi Tony,
On 04/06/2015 15:06, Tony Hain wrote:
Stephen Farrell wrote:
On 03/06/15 22:03, Tony Hain wrote:
Stephen Farrell wrote:
I would assert that the existence of the dprive WG is good evidence
that the IETF does not consider data-integrity as the only real
concern for public data.
And I would assert that it shows a group-think knee-jerk
overreaction to threats that hypothetically could be applied in
broader contexts than history documents. We are both free to express
our own assertions.
Disagreeing is of course fine but does not require that those with
whom one disagrees are stuck in a group-think knee-jerk mixed
metaphor;-)
Looking at the actual text of the statement though [1] I could agree
that the 3rd paragraph is maybe more justified on security grounds,
so maybe s/privacy/security&privacy/ would be better there.
No, more below.
That said, there is a real threat to privacy (cf. tempora) when it is
credible to assume that any of our traffic that transits undersea
cables is recorded, and traffic to the IETF is a part of that even if
it's quite unlikely, by itself, to be privacy sensitive.
I never argued that there is not a general threat to privacy due to
recording, just that it does not apply here. My point was that the IETF does
not have a general technical REQUIREMENT for privacy. There are many that
WANT privacy in everything they do, but that does not equate to a real
requirement for the public content of an open organization. Substituting
security&pirvacy only makes a bad choice of words worse. The IETF has no
business case for either, and if there was a case something would have
been done about it long before now.
It isn't the content that is private, of course. However, if there are IETF
participants who require a degree of privacy about their use of IETF public
information, it is entirely reasonable for the IETF to support that with a
straightforward measure like HTTPS. As has been pointed out already, that
is insufficient to provide a high degree of privacy.
Try "...the act of accessing public information required for routine tasks can
be privacy sensitive *on the user's side*..."
So that text exposes the silliness of this effort. IF there are people that
really need privacy of their access of IETF content, they had better be using
more than HTTPS. If they are not using something like TOR they are toast,
because it doesn't take much traffic analysis to figure out which documents are
being read. Anyone can create a mirror, and with that data they will know which
documents and requests create which byte stream lengths.
I don't see anything political about that. It's factual.
It is dangerous to imply that simple https provides any privacy when the
original content is public information. If true privacy is the requirement then
the IETF needs to be serious about expanding TOR. This proposed text is
unnecessary theater to make a political statement. If the I* wants to make a
political statement, the ISOC or maybe IAB should make it. The IESG has no
business making anything more than a technical statement, and the only thing
they need to say is that data-integrity is important so we are making https the
default. The clear refusal to drop the word privacy from the statement just
underscores how much this is politically driven rather than a serious effort to
ensure that the IETF content is delivered intact.
My overall concern here is that statements like this undermine the integrity of
the organization. I understand people wanting to improve overall privacy, but
this step does not do that in any meaningful way.
Tony
Brian