Let’s disregard my reply in the other thread, and discuss here instead.. Side-channel attacks should be on the docket for discussion too. Trace-data seems ripe for abuse if we don’t carefully game out where it can be used to answer an attacker’s hypothesis… -=R
From: QUIC <[email protected]> on behalf of Lucas Pardue <[email protected]> Date: Sunday, August 15, 2021 at 8:00 AM To: Kazuho Oku <[email protected]> Cc: Jana Iyengar <[email protected]>, IETF QUIC WG <[email protected]>, HTTP Working Group <[email protected]>, Robin MARX <[email protected]> Subject: Re: Privacy considerations of trace logging (was Re: New Version Notification for draft-kazuho-httpbis-selftrace-00.txt) Agree with all your points Kazuho. This topic probably extends to toxic telemetry more broadly, which is a mighty task. In the short term establishing some common criteria had value for implementions and deployments. Cheers Lucas
