RE: RFC 6973: Privacy Considerations for Internet Protocols from Frank.Dawson@nokia.com on 2013-08-08 (public-privacy@w3.org from July to September 2013)

From: <Frank.Dawson@nokia.com>
Date: Thu, 8 Aug 2013 16:48:42 +0000
To: <hannes.tschofenig@gmx.net>
CC: <public-privacy@w3.org>
Message-ID: <B783647736D1454A9C30558CB7549901394FC98E@008-AM1MPN1-003.mgdnok.nokia.com>

Hei Hannes.

See you Week35 in HKI?

<snip/>

> Just a minor remark on the confidentiality aspect:
> 
> In RFC 6973 we re-use the terminology from RFC 3552:
> http://tools.ietf.org/html/rfc3552#section-2

<snip/>
 
> The NIST SP 800-53 uses confidentiality in a much broader sense; it seems to
> include aspect that we cover under "Stored Data Compromise".
> 
<frank/> That is my point. By referencing RFC3552 you are using semantics from infosec, not infopriv. RFC6973 should be about information privacy semantics. One of the largest faux pas in current privacy industry discussions is the use of infosec semantics for same terms used in infopriv. We have to transpose the use of the term into the privacy usage. Confidentiality has a specific meaning in privacy that is different than in security. 

<snip/>
 
> PS: Regarding the earlier remark about mandating a privacy consideration
> section. This document is work done by the Internet Architecture Board (IAB).
> The IAB cannot enforce such a mandatory inclusion of a privacy consideration
> section since the IAB is not the document approving body for the IETF
> document stream. It is as simple as that.
> 
<frank/>I am not sure that the IAB has no authority. They pay the bills of the IETF. Also, this could have been done by making it a SHOULD. According to RFC2119, implementors need to indicate WHY they did not follow the SHOULDs also. This would have been a good first step. I think this has strong support with many in the W3C PING also.

I got through about 1/3 of your and Aleecia's Privacy Tutorial from Berlin IETF. Then a very unusual thunder shower (compared to thunder storm) came through Southlake, Texas and we had a power surge/brown out. Will get back to finishing the viewing later. I liked the strong participation from the audience. The topic was very well received by IETF participants. Can you post the slide deck (with updates) on IETF or IAB document site and share the URL with us here in W3C?

Frank/

Received on Thursday, 8 August 2013 16:49:16 UTC