Cyrus Daboo wrote:
> I will try and propose some text for a Privacy Considerations section
Although we will need such a section, the tzdist privacy issues dkg raised shouldn't be addressed merely by adding a section that says in essence, "yes, admittedly tzdist's privacy stinks, but at least we've clearly documented that it stinks". Let's instead use his helpful review to adjust the protocol so that it better preserves privacy.
Doing that will take some work, but it's doable. Here are a couple of thoughts in that direction.
First, we can prevent servers from tracking users via ETag or steganographic data by requiring standard ETags (e.g., "tz2015a") and normalized data. Yes, this is a bit harder to implement on the server side, but it's not *that* hard, and it does prevent this privacy abuse.
Second, we can prevent tracking users via query parameters by making the typical query be simply "Give me everything", thus avoiding the parameters. As the entire tz database can be communicated in 25 kB in compressed format, this will be reasonably efficient (when combined with standard ETags) and will better preserve privacy. Yes, this also requires more work (on both client and server side), but it's not that much work, and if we really want privacy it should be work we're willing to do.
_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy
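The two mitigations proposed in the message above (a version-derived standard ETag over normalized data, and a single "give me everything" request) can be checked mechanically. The following is an added example, not code from the thread, the tzdist draft or any tzdist implementation. It assumes a standard ETag of the form "tz" plus publication version (as in the message's "tz2015a"), uses a canonical JSON serialization as a stand-in for the real tzdist data formats, and uses a small constructed zone table in place of the full tz database. It models the server side of the all-zones request, the client-side rule of only echoing back ETags of the standard form, and a check that two different clients receive byte-identical responses.

```python
import json
import re

# Constructed sample data: a stand-in for the whole tz database. The real
# bundle is larger (about 25 kB compressed), but the mechanism is the same.
TZ_VERSION = "2015a"
TZ_ZONES = {
    "Europe/London": {"offsets": [0, 3600], "abbrevs": ["GMT", "BST"]},
    "America/New_York": {"offsets": [-18000, -14400], "abbrevs": ["EST", "EDT"]},
    "Asia/Tokyo": {"offsets": [32400], "abbrevs": ["JST"]},
}

# Assumed standard ETag form: a quoted "tz" followed by the publication
# version, e.g. "tz2015a". It depends on the publication only, never on
# which client is asking.
STANDARD_ETAG_RE = re.compile(r'^"tz\d{4}[a-z]+"$')


def standard_etag(version: str) -> str:
    """Derive the ETag from the publication version alone."""
    return f'"tz{version}"'


def normalized_bundle(zones: dict) -> bytes:
    """Canonical serialization: sorted keys, fixed separators, no whitespace.

    Every client receives exactly these bytes, so there is no room for a
    per-client marker hidden in key ordering or formatting.
    """
    return json.dumps(zones, sort_keys=True, separators=(",", ":")).encode("utf-8")


def handle_get_all(request_headers: dict, version: str = TZ_VERSION, zones: dict = TZ_ZONES):
    """Server side of the single 'give me everything' request.

    Returns (status, response_headers, body). The only request header that
    influences the answer is If-None-Match, and only when it carries the
    standard ETag of the current publication.
    """
    etag = standard_etag(version)
    if request_headers.get("If-None-Match") == etag:
        return 304, {"ETag": etag}, b""
    return 200, {"ETag": etag, "Content-Type": "application/json"}, normalized_bundle(zones)


def client_etag_to_resend(received_etag):
    """Client-side guard: remember only ETags of the standard form.

    A client that echoes back an arbitrary opaque ETag carries whatever value
    the server chose to put there. Dropping anything that is not "tz<version>"
    costs at most one extra full download of the bundle.
    """
    if received_etag and STANDARD_ETAG_RE.match(received_etag):
        return received_etag
    return None


def responses_are_identical(headers_a: dict, headers_b: dict) -> bool:
    """Check that two unconditional requests (e.g. from two different clients)
    yield byte-identical status, headers and body."""
    return handle_get_all(headers_a) == handle_get_all(headers_b)


if __name__ == "__main__":
    status, hdrs, body = handle_get_all({"User-Agent": "client-A/1.0"})
    print(status, hdrs["ETag"], len(body), "bytes")
    # A second fetch carrying the remembered standard ETag is answered with 304.
    status2, _, body2 = handle_get_all({"If-None-Match": client_etag_to_resend(hdrs["ETag"])})
    print(status2, len(body2), "bytes")
    # A non-standard ETag is never echoed back by the client.
    print(client_etag_to_resend('"W/abc123-clientA"'))
```

The property worth testing on a real deployment is `responses_are_identical`: if any request header other than `If-None-Match` changes the bytes or the ETag, the server has a channel it could use to distinguish clients, which is exactly what the proposed normalization is meant to remove.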
