W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2021

Re: Privacy considerations of trace logging (was Re: New Version Notification for draft-kazuho-httpbis-selftrace-00.txt)

From: Roberto Peon <fenix@fb.com>
Date: Sun, 15 Aug 2021 17:52:49 +0000
To: Lucas Pardue <lucaspardue.24.7@gmail.com>, Kazuho Oku <kazuhooku@gmail.com>
CC: Jana Iyengar <jri.ietf@gmail.com>, IETF QUIC WG <quic@ietf.org>, "HTTP Working Group" <ietf-http-wg@w3.org>, Robin MARX <robin.marx=40uhasselt.be@dmarc.ietf.org>
Message-ID: <443D321B-D492-4136-B3B0-561502415AE7@fb.com>
Let’s disregard my reply in the other thread, and discuss here instead..

Side-channel attacks should be on the docket for discussion too.
Trace-data seems ripe for abuse if we don’t carefully game out where it can be used to answer an attacker’s hypothesis…
-=R

From: QUIC <quic-bounces@ietf.org> on behalf of Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Sunday, August 15, 2021 at 8:00 AM
To: Kazuho Oku <kazuhooku@gmail.com>
Cc: Jana Iyengar <jri.ietf@gmail.com>, IETF QUIC WG <quic@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>, Robin MARX <robin.marx=40uhasselt.be@dmarc.ietf.org>
Subject: Re: Privacy considerations of trace logging (was Re: New Version Notification for draft-kazuho-httpbis-selftrace-00.txt)

Agree with all your points Kazuho. This topic probably extends to toxic telemetry more broadly, which is a mighty task. In the short term establishing some common criteria had value for implementions and deployments.

Cheers
Lucas
Received on Sunday, 15 August 2021 17:53:08 UTC

This archive was generated by hypermail 2.4.0 : Sunday, 15 August 2021 17:53:10 UTC