On Mon, Jun 30, 2014 at 10:35 AM, Sebastian Kiesel <ietf-a...@skiesel.de> wrote:
> On Fri, Jun 27, 2014 at 12:16:16PM -0500, Vijay K. Gurbani wrote: > > On 06/26/2014 04:58 AM, Scharf, Michael (Michael) wrote: > > >Haibin asked me to send the following comment from a private > > >discussion also to the list: > > > > > >Section 3.3 of draft-deng-alto-p2p-ext-01 suggest a new Endpoint > > >Property Type "network_access" for P2P peer selection. As far as I > > >recall, this type of ALTO guidance was discussed in the past quite a > > >bit, and there may have been privacy concerns. For instance, > > >draft-ietf-alto-deployments-09 Section 3.2.4. includes the following > > >statement: > > > > > >o Performance metrics that raise privacy concerns. For instance, > > >it has been questioned whether an ALTO service could publicly expose > > >the provisioned access bandwidth, e.g. of cable / DSL customers, > > >because this could enables identification of "premium" customers. > > > > > >That text was already in draft-ietf-alto-deployments before I started > > >to edit this document. > > > > > >For P2P use cases, I wonder whether that concern might (still) apply > > >to endpoint properties such as DSL vs. FTTH as currently suggested > > >draft-deng-alto-p2p-ext-01. > > > > [As individual, of course.] > > > > I suspect the type of network access (DSL, cable, FTTH, satellite) is > > probably okay. Commercial companies often publicly tout the deployment > > of certain access technologies in neighbourhoods. > > I know some neighborhoods where FTTH is available, but at very high > prices. Consequently, many people there prefer to keep their existing > xDSL or cable based Internet service. If we used ALTO to announce who > decided to pay the high price for FTTH, I would consider this as a > potential privacy concern, because this would be some kind of list of > households with better-than-average income and/or computer professionals > or enthusiasts living there. > This is an interesting example, and provides a case where access control may be used. I always expect that there should be an access control mechanism, in given settings, to limit the information exposure of ALTO info. I can imagine that this can be endhost opt-in, or provider control (e.g., only certain trusted entities can access the URL). Richard > > Sebastian > > _______________________________________________ > alto mailing list > alto@ietf.org > https://www.ietf.org/mailman/listinfo/alto >
_______________________________________________ alto mailing list alto@ietf.org https://www.ietf.org/mailman/listinfo/alto