Thanks. I have removed my discuss. -Ekr
On Tue, Apr 25, 2017 at 10:36 AM, Randriamasy, Sabine (Nokia - FR/Nozay) <sabine.randriam...@nokia-bell-labs.com> wrote:

> Hello Eric,
>
> Thanks a lot for your feedback and suggested text on privacy or security
> issues.
> I have added it to section 7 "Privacy And Security Considerations" of the
> draft update that has
> just been posted and can be found at
> https://tools.ietf.org/html/draft-ietf-alto-multi-cost-09 .
>
> Best regards,
> Sabine
>
> >>-----Original Message-----
> >>From: Eric Rescorla [mailto:e...@rtfm.com]
> >>Sent: 12 April 2017 01:02
> >>To: The IESG <i...@ietf.org>
> >>Cc: draft-ietf-alto-multi-c...@ietf.org; Jan Seedorf <i...@j-f-s.de>;
> >>alto-cha...@ietf.org; i...@j-f-s.de; alto@ietf.org
> >>Subject: Eric Rescorla's Discuss on draft-ietf-alto-multi-cost-08: (with
> >>DISCUSS)
> >>
> >>Eric Rescorla has entered the following ballot position for
> >>draft-ietf-alto-multi-cost-08: Discuss
> >>
> >>When responding, please keep the subject line intact and reply to all email
> >>addresses included in the To and CC lines. (Feel free to cut this introductory
> >>paragraph, however.)
> >>
> >>Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> >>for more information about IESG DISCUSS and COMMENT positions.
> >>
> >>The document, along with other ballot positions, can be found here:
> >>https://datatracker.ietf.org/doc/draft-ietf-alto-multi-cost/
> >>
> >>----------------------------------------------------------------------
> >>DISCUSS:
> >>----------------------------------------------------------------------
> >>
> >>This document states:
> >>"This document does not introduce any privacy or security issues not
> >> already present in the ALTO protocol."
> >>
> >>This may be true, but it's not obvious it is, because when questions are asked
> >>together, that's more of a privacy signature than independently.
> >>So, suppose that application A asks for metric A and application B asks for
> >>metric B and application C asks for A and B. If these applications are mixed
> >>behind a CGN, with single queries then you don't know whether you have
> >>some A clients and some B clients, but if you do multi-query, it's clear these
> >>are C clients. This is a potentially serious issue if (for instance) Bittorrent
> >>always asks for a very distinguished set of parameters, so an ALTO server
> >>might use this to find Bittorrent clients.
_______________________________________________
alto mailing list
alto@ietf.org
https://www.ietf.org/mailman/listinfo/alto
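The ambiguity argument in the DISCUSS above, worked through as an added example (not part of the original thread or of the ALTO drafts): it counts how many client mixes behind one CGN address are consistent with what a server observes under single-metric queries versus multi-cost queries. The profile table, the function names and the sample population are constructed for illustration, and the model assumes the server cannot link separate requests arriving from the same shared address.

```python
from collections import Counter
from itertools import product

# Metric sets per application, named as in the DISCUSS text (A, B, and C = A and B).
PROFILES = {"A": frozenset("A"), "B": frozenset("B"), "C": frozenset("AB")}

def observe_single(population):
    """Server view with one metric per request: request count per metric."""
    seen = Counter()
    for app, n in population.items():
        for metric in PROFILES[app]:
            if n:
                seen[metric] += n
    return seen

def observe_multi(population):
    """Server view with multi-cost requests: request count per metric set."""
    seen = Counter()
    for app, n in population.items():
        if n:
            seen[PROFILES[app]] += n
    return seen

def consistent_populations(observe, observed, max_clients=3):
    """Every client mix (0..max_clients per app) that yields `observed`."""
    apps = sorted(PROFILES)
    return [
        dict(zip(apps, counts))
        for counts in product(range(max_clients + 1), repeat=len(apps))
        if observe(dict(zip(apps, counts))) == observed
    ]

# Constructed population behind one CGN address: one client of each kind.
TRUE_MIX = {"A": 1, "B": 1, "C": 1}

def anonymity_sets(true_mix=TRUE_MIX):
    """Client mixes the server cannot tell apart, for each query style."""
    single = consistent_populations(observe_single, observe_single(true_mix))
    multi = consistent_populations(observe_multi, observe_multi(true_mix))
    return single, multi

if __name__ == "__main__":
    single, multi = anonymity_sets()
    print("single-metric queries fit", len(single), "mixes:", single)
    print("multi-cost queries fit", len(multi), "mix:", multi)
```

With single-metric queries the observation also fits a mix with no C clients at all; with multi-cost queries only the true mix remains, which is the loss of cover the DISCUSS describes.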