Hi Björn,

Thanks for the review! Comments/questions on points inline; points removed will be edited into the working document without comment.

> On 10 Jan 2015, at 02:08, Bjoern Hoehrmann <derhoe...@gmx.net> wrote:
>
> * Ted Hardie wrote:
>> The program and authors would appreciate review of
>> draft-iab-privsec-confidentiality-threat-01.txt (
>> http://www.ietf.org/id/draft-iab-privsec-confidentiality-threat-01.txt).
>> Note that the text on mitigations to these threats has been split into a
>> second document which is forthcoming. Reviews can be sent to this list or
>> the authors.
>
> Mostly editorial things on sections 1-3:

> In Section 2 I think the example for "Inference" should be replaced by
> a much simpler one.

Do you have a suggestion here?

> I am not happy with using "Observation" with the specified meaning in
> this context. The word usually refers to the act, not the data, and here
> it may be easy to confuse it with, say, targeted surveillance as part of
> a justice system, perhaps especially for non-native readers. I encourage
> trying to find an alternative term.

This terminology is borrowed from the passive network measurement community, and specifically from the terminology for IPFIX/PSAMP (see RFC 7011). Unfortunately, in this space we've pretty much used all the words we could (many multiple times), so I think any change would be arbitrary. However, I'm open to suggestions for better terms.

> The definition for "Unwitting Collaborator" as though an "Unwitting
> Collaborator" is a "Collaborator". That seems incorrect to me.

How about "An entity that is a legitimate participant in a communication, and who is the source of information obtained by the attacker without the entity's consent or intention, because the attacker has exploited some technology used by the entity"?

> I do not think "Key Exfiltration" depends on the presence of a
> "collaborator". Same for "Content Exfiltration".

Without a collaborator (deliberate or unwitting), how would this be exfiltration?

> I think Section 3 would benefit from a short preface that explains, as
> the section title suggests, this is an "idealised" description, and
> explains how this is useful. Right now the section jumps right into
> describing something that is extremely implausible without qualifiers,
> and many readers might be unfamiliar with such descriptions.

The idealized attacker model was based on more or less the maximum set of capabilities you could publicly (i.e. outside the security community) ascribe to an entity performing pervasive surveillance without being accused of paranoia, before the spring of 2013. It only seems implausible *now* because of what we know and can confirm. I think we can make this clearer with a little text and some reorganization.

Thanks again! A new version will follow shortly.

Cheers,

Brian

> --
> Björn Höhrmann · mailto:bjo...@hoehrmann.de · http://bjoern.hoehrmann.de
> D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de
> Available for hire in Berlin (early 2015) · http://www.websitedev.de/
>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass