Thanks for the excellent summary, Stephen. Looks like I've got some reading to 
do before I get started :-)

Rob




-----Original Message-----
From: Stephen Farrell [mailto:stephen.farr...@cs.tcd.ie]
Sent: 24 March 2014 15:03
To: Horne, Rob; ietf-privacy@ietf.org
Subject: Re: [ietf-privacy] [perpass] Wiki for managing PPM reviews of existing 
RFCs


Hi Rob,

On 03/24/2014 12:31 PM, Horne, Rob wrote:
> Hi, I'm interested in reviewing RFCs so could someone tell me - or
> point me in the direction of - what the goals are, how to conduct a
> review and what exactly are we looking for?

I guess you can infer most of that from threads on this and the perpass [1] 
mailing list, the notes from the Monday lunch [2] and the wiki [3].

But since that's a lot of putting stuff together, here's my quick
summary:

- The IETF are rightly putting some more focus on privacy both as a result of 
[4] and [5], but also because it's the right thing to do
- Part of that will involve figuring out how better to handle reviews of 
works-in-progress, e.g. via secdir and gen-art reviews, but that's not this 
activity (though will be informed by it)
- Another part (initially suggested I think by Christian Huitema back in 
Vancouver) is reviewing existing RFCs and that is this bit
- The goal of these reviews is to analyse those existing RFCs for privacy 
issues or issues related to pervasive monitoring and document those in some 
useful fashion
- Ideally, that analysis might also suggest mitigations, some of which might be 
things one can do now, whilst others might be things that'd require changes to 
protocols, implementations or deployments
- For the latter cases, we're not proposing to do everything now, but as and 
when protocols are revised (or if we find something startling) then we'd hope 
that revisions would take account of the analyses done here (and because [4] is 
now approved as a new BCP, that is not a forlorn hope:-)
- In some cases, reviews will highlight privacy issues that might not be 
intrinsic to the protocol in the RFC, but that arise due to how that protocol 
is now deployed (which may be quite different from how that was initially 
envisaged to happen)
- Writing up the analysis as an Internet-draft is a fine way to do that (so it's 
archived etc.); there are a couple of examples in the tracker which should be 
useful help
- Avri and Scott have been helping out with organising this and have put up the 
wiki at [1]
- For people who want to review something - go pick a thing for which you think 
you're qualified to do a good review and ideally which you think is important 
and then... just do it
- It's not a sin to find nothing nor to do an imperfect job, but the better the 
job done... the better the job done:-)
- Make a ticket so's we don't waste effort having a few folks doing stuff and 
so we can keep track
- I'd say maybe don't put in speculative tickets (e.g. meaning "someone, but 
not me, really ought review RFCxxxx"), but just add tickets for stuff you've 
done or are doing now or in the quite near future
- Try get initial work done and visible by mid-May so we can see how we're 
doing and consider that before and during the July IETF

Cheers, (and thanks all for doing stuff!), S.


[1] http://www.ietf.org/mail-archive/web/perpass/current/maillist.html
[2] http://www.ietf.org/mail-archive/web/perpass/current/msg01640.html
[3] https://trac.tools.ietf.org/group/ppm-legacy-review/wiki
[4] http://tools.ietf.org/html/draft-farrell-perpass-attack
[5] http://tools.ietf.org/html/draft-barnes-pervasive-problem-00


>
>
>
> Thanks,
>
> Rob
>
> From: ietf-privacy [mailto:ietf-privacy-boun...@ietf.org] On Behalf Of Scott Brim
> Sent: 24 March 2014 12:23
> To: yaojk
> Cc: ietf-privacy@ietf.org; perpass
> Subject: Re: [ietf-privacy] [perpass] Wiki for managing PPM reviews of existing RFCs
>
>
>
>
> On Mar 23, 2014 10:49 PM, "Jiankang Yao" <ya...@cnnic.cn> wrote:
>> Since there are thousands of RFCs, it is better that they can be
>> reviewed by category. For example, based on the following category:
>> http://www.faqs.org/rfcs/np.html
>>
>> Jiankang Yao
>
> We want to make sure the essential RFCs are reviewed, and categories
> are a good way to organize that if you know what categories to use.
> We don't have enough experience yet to know what good categories would
> be -- we don't know how many reviewers we will have or their interest
> areas. To start with let's just get everyone doing reviews.
> We can organize them later, once we get over a hundred.
>
> Thanks... Scott
>
>
>
>
> _______________________________________________
> ietf-privacy mailing list
> ietf-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-privacy
>
