Russ Housley IETF Chair 8 December 2010

Slides:



Advertisements
Similar presentations
Russ Housley IETF Chair 23 July 2012 Introduction to the IETF Standards Process.
Advertisements

OAuth 2.0 Security IETF OAuth WG Conference Call, 14th December 2012.
Working Connection Computer and Network Security - Introduction - Dr. Hwajung Lee Radford University.
IPR Issues: What ’ s New (and a little of what ’ s old) Scott Brim IETF 61.
DIME WG IETF 82 Dime WG Agenda & Status THURSDAY, November 17, 2011 Jouni Korhonen & Lionel Morand.
DIME WG IETF 84 DIME WG Agenda & Status Tuesday, July 31 st, 2012 Jouni Korhonen, Lionel Morand.
Privacy and Confidentiality. Definitions n Privacy - having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally,
Higher Education PKI Summit Meeting August 8, 2001 The ABA PAG Rodney J. Petersen, J.D. Director, Policy and Planning Office of Information Technology.
(we need your advice!) Jon Peterson MIT– December 2010 IETF & Privacy.
NEWTRK WG Paris, August 5, Agenda 0 – agenda bashing – 10m 1 - introduction & status - chair- 10m discussion on the issues with ISD proposal.
Privacy Considerations for Internet Protocols Alissa Cooper 1.
Protocol Privacy Considerations Russ Housley IETF Chair 8 December 2010.
1 Designing a Privacy Management System International Security Trust & Privacy Alliance.
SonOf3039 Status Russ Housley Security Area Director.
Doc.: IEEE /0075r0 Report Nov 2011 Jon Rosdahl, CSRSlide 1 First Vice Chair Report 2011 Date: Authors:
Emergency Context Resolution with Internet Technologies BOF (ecrit) Jon Peterson, Hannes Tschofenig BOF Chairs.
Requirements and Selection Process for RADIUS Crypto-Agility December 5, 2007 David B. Nelson IETF 70 Vancouver, BC.
MODERN BoF Managing, Ordering, Distributing, Exposing, and Registering telephone Numbers IETF 92.
Emergency Context Resolution with Internet Technologies (ecrit) Hannes Tschofenig, Marc Linser Chairs.
SIP Working Group IETF Chairs -- Rohan MAHY Dean WILLIS.
© 2006 Open Grid Forum VOMSPROC WG OGF36, Chicago, IL, US.
GGF-Process WG Administrative Information Process Working Group:ggf-proc-wg Chairs:"Tony Genovese" "Cees de Laat" Secretary/Webmaster:"Stacey Bruno"
Agenda Wednesday, July 29, :00 – 15:00 Congresshall B Please join the Jabber room: LEDBAT WG IETF 75.
GGF Intellectual Property Policy
ID Tracker States: An Internet Draft’s Path Through the IESG
CLUE WG Interim Meeting San Jose, CA Sept , 2012
Policy & Procedure Writing
Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.
IEEE ah Sub 1 GHz license-exempt operation Agenda for July 2014
Month Year doc.: IEEE /0xxxr0 January 2014
IETF 86 Orlando MBONED.
The need for better security considerations guidance
CAPWAP Working Group IETF 66 Montreal
Information and Network Security
Instructions for the WG Chair
SACM Virtual Interim Meeting
MODERN Managing, Ordering, Distributing, Exposing, & Registering telephone Numbers IETF 101.
Instructions for the WG Chair
Joint OPS Area and OPSAWG Meeting
Sanctions Are Available
1 Guidelines for Autonomic Service Agents draft-carpenter-anima-asa-guidelines-00 Brian Carpenter Sheng Jiang IETF 97 November
David Noveck IETF99 at Prague July 20, 2017
Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.
Instructions for the WG Chair
Instructions for the WG Chair
IETF 101 London MBONED.
Note Well This is a reminder of IETF policies in effect on various topics such as patents or code of conduct. It is only meant to point you in the right.
Joint OPSAWG and OPS Area Meeting
Joint NTP and TICTOC Meeting
Jeffrey Haas Reshad Rahman
Transport Services (TAPS) Working Group
IETF102 Montreal Web Authorization Protocol (OAuth)
Web Authorization Protocol (OAuth) WG Chairs: Hannes Tschofenig, Rifaat Shekh-Yusef, Security AD: Roman.
Software Updates for Internet of Things (SUIT) WG
Web Authorization Protocol (OAuth) WG Chairs: Hannes Tschofenig, Rifaat Shekh-Yusef, Security AD: Roman.
BPSec: AD Review Comments and Responses
TCP Maintenance and Minor Extensions (TCPM) Working Group
IETF 103 pim wg meeting.
Joint OPS Area and OPSAWG Meeting
Invited talk to the MPLS WG by Anonymous Chair
Submission Title: IG SEC Opening Report for July 2014 Session
IETF-104 (Prague) DHC WG Next steps
Software Updates for Internet of Things (SUIT) WG
Agenda Wednesday, March 30, :00 – 11:30 AM
James Polk Gorry Fairhurst
SIPBRANDY Chair Slides
Pseudowire And LDP-enabled Services (PALS) WG Status IETF 100 Singapore Co-Chairs: Stewart Bryant and Andy Malis
Scott Bradner & Martin Thomson
IETF 87 DHC WG Berlin, Germany Thursday, 1 August, 2013
Joint OPS Area and OPSAWG Meeting
Presentation transcript:

Russ Housley IETF Chair 8 December 2010 Security in the IETF Russ Housley IETF Chair 8 December 2010

Definition of Privacy RFC 2828 (“Internet Security Glossary”) has a reasonable definition of privacy: $ privacy (I) The right of an entity (normally a person), acting in its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share information about itself with others. (See: anonymity.) (O) "The right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed." [I7498 Part 2]

Security Considerations RFC 2223 (and RFC 1543 before it) provides Instructions to RFC Authors; it requires a Security Considerations section in all RFCs But, neither RFC provides much guidance: “All RFCs must contain a section near the end of the document that discusses the security considerations of the protocol or procedures that are the main topic of the RFC.”

Interpretation: 1st SEC AD At the time, I think my view of “privacy” was that it was one the several attributes to be included within “security” though I realize that’s not how it’s viewed today and may not have been the shared view even then. Steve Crocker

Interpretation: 2nd SEC AD Compared to privacy, security is trivial. Most people have some sense of what security means, and we even have some definitions and particulars. Privacy, by comparison, is a much more subjective and cultural topic. What we mean by and the boundaries of privacy vary greatly among cultures. A lot of what we think of as privacy can fall under the security umbrella, and the stuff that does is rarely if ever controversial. However the stuff that doesn't fit there is where controversy begins. Jeff Schiller

Interpretation: Consensus RFC 3552 / BCP 72 on Guidelines for Writing RFC Text on Security Considerations does not really address privacy considerations This is as close as it gets: “In general, the goal of a passive attack is to obtain information which the sender and receiver would prefer to remain private. This private information may include credentials useful in the electronic world and/or passwords or credentials useful in the outside world, such as confidential business information.”

Supportive IETF Culture Evolved Security Tutorial on Sunday of IETF meeting has raised awareness Security Directorate (SecDir) does review during IETF Last Call of every document Includes RFC 3552-related review Security Advisers assigned to WG when SEC ADs are aware of a need Only successful very early in WG life cycle

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.