On Mon, Apr 6, 2015 at 1:50 PM, Miles Fidelman <mfidelman@xxxxxxxxxxxxxxxx> wrote:
Somehow, privacy + publicly accessible documents seems like a corner case all of its own. Obviously, we're not talking about keeping the document itself secure, and ftp supports anonymous access.
In general, the privacy implications of revealing access to publicly accessible documents can be very significant. There's a lot you can determine about a subject with just their access to publicly accessible documents like news articles reviewed, blogs visited, etc. Under the current threat model, this information can be determined by correlating observations taken at many points in the network topology, rather than by targeted observation.
Please be careful about making broad generalizations on this topic based on the smaller question of "FTP access to RFCs". It may be a very poor stand-in for the general threat.
regards,
Ted