Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andy,

Yes, but that doesn't rule out Google Analytics, as long as the user
knows about it and desires it, right?

I think, therefore, this bit needs an addition:

    For the purposes of this BCP "pervasive monitoring" means very
    widespread privacy-invasive gathering of protocol artefacts including
    application content, protocol meta-data (such as headers) or keys
    used to secure protocols.  Other forms of traffic analysis, for
    example, correlation, timing or measuring packet sizes can also be
    used for pervasive monitoring.

Adding the sentence, "In addition, to qualify as pervasive monitoring,
the activity should be either unknown to or unwelcome by the target of
the monitor," would make the difference explicit.

Best regards,

A
I'd suggest "unauthorized" as a replacement for "unknown or unwelcome",
as we try to better define PM.

I don't think it's necessary to mention "keys" here, since the keys
are not that valuable if you don't also grab the data, wrt confidentiality.

Also, "traffic analysis" probably should be discussed separately from
violating the confidentiality of app layer content. It's probably going
to be easier to address content confidentiality vs. traffic analysis,
and so it behooves us to make the distinction here, if we are trying
to use this doc to explain what we want WGs to address.

I am catching up on this thread, as I lost iesg messages for a few weeks.

I assume that others have noted that "artefact" is misspelled.

Steve





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]