On 05/05/16 14:20, Dave Crocker wrote:
> On 5/5/2016 1:30 AM, Robin Wilton wrote:
>> Privacy can also be a subjective thing (for instance, some people
>> think it's important to draw their curtains in the evening - others
>> don't). That subjectivity makes privacy a highly contextual thing,
> 
> This is an Alice, Through the Looking Glass perspective on the term.
> 
> At the least, it means it is not a technical term, in which case using
> it in technical contexts is mostly going to cause confusion, since one
> speaker's intended meaning will differ from another listener's...
> 
> Standards work is primarily an exercise in gaining group consensus on
> technical specifics.  If 'privacy' is to be a technical term, then we
> need to agree on its specifics.  That doesn't mean the term needs lots
> of fine-grained detail.  In fact, for something this important and this
> basic, it needs as little detail as possible, while still serving to
> guide technical choices.
> 
> 
>> Privacy is about retaining the ability to disclose data consensually,
>> and with expectations regarding the context and scope of sharing.
> ...
>> http://www.internetsociety.org/blog/2013/12/language-privacy
> 
> 
> This looks like an entirely reasonable and helpful definition, as I
> noted a year ago.

It's definitely not bad:-)

I think it misses a bit though, in our context. Sometimes we just
have to expose an identifier (e.g. a source IP address) and that
can be privacy-sensitive, but there's no real way in which it's
consensual, unless one considers even connecting to the network
as consenting in some form to such exposure, which'd be odd I
think.

So while Robin's text is pretty good when I think about payloads,
it doesn't seem to cover issues with meta-data and other protocol
artefacts so well. I'm also not sure how much that'd help when it
comes to considering re-identification issues which can be very
subtle (cf. Netflix competition).

But it's a good start.

> 
> There are other, similarly short and focused, definitions. Each is
> reasonable.  And while the differences in the definitions probably
> matter, I think that the need to focus technical work requires choosing
> one.  If we want the term to have useful substance.
> 
> The fact that choosing one has some challenges is being used as a reason
> for not trying.  That's an ironic excuse, for an organization whose
> primary reason for being is the development of community consensus on
> non-trivial choices...

I'd be happy if someone wanted to try to craft some definitional text
say in an I-D, with the goal of meeting Dave's challenge to define
privacy in a way that's useful for IETF work. I don't know
if that'd end up as an RFC, but it might, and if well-done, and if
it garnered consensus, it could be quite useful.

Cheers,
S.


> 
> 
> d/


_______________________________________________
ietf-privacy mailing list
ietf-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-privacy
