On Mon, Dec 16, 2013 at 01:35:58PM -0500, Sam Hartman wrote:
> >>>>> "Bjoern" == Bjoern Hoehrmann <derhoermi@xxxxxxx> writes:
>
>     Bjoern> tell, is telling us that Google Analytics is an attack. The
>
> So, our threat model has included passive monitoring basically since we
> first wrote it down.

Yes, but that doesn't rule out Google Analytics, as long as the user
knows about it and desires it, right?

I think, therefore, this bit needs an addition:

   For the purposes of this BCP "pervasive monitoring" means very
   widespread privacy-invasive gathering of protocol artefacts
   including application content, protocol meta-data (such as headers)
   or keys used to secure protocols. Other forms of traffic analysis,
   for example, correlation, timing or measuring packet sizes can also
   be used for pervasive monitoring.

Adding the sentence, "In addition, to qualify as pervasive monitoring,
the activity should be either unknown to or unwelcome by the target of
the monitor," would make the difference explicit.

Best regards,

A

--
Andrew Sullivan
ajs@xxxxxxxxxxxxxxxxxx