Re: Privacy considerations of trace logging (was Re: New Version Notification for draft-kazuho-httpbis-selftrace-00.txt) from Roberto Peon on 2021-08-15 (ietf-http-wg@w3.org from July to September 2021)

From: Roberto Peon <fenix@fb.com>
Date: Sun, 15 Aug 2021 17:52:49 +0000
To: Lucas Pardue <lucaspardue.24.7@gmail.com>, Kazuho Oku <kazuhooku@gmail.com>
CC: Jana Iyengar <jri.ietf@gmail.com>, IETF QUIC WG <quic@ietf.org>, "HTTP Working Group" <ietf-http-wg@w3.org>, Robin MARX <robin.marx=40uhasselt.be@dmarc.ietf.org>
Message-ID: <443D321B-D492-4136-B3B0-561502415AE7@fb.com>

Let’s disregard my reply in the other thread, and discuss here instead..

Side-channel attacks should be on the docket for discussion too.
Trace-data seems ripe for abuse if we don’t carefully game out where it can be used to answer an attacker’s hypothesis…
-=R

From: QUIC <quic-bounces@ietf.org> on behalf of Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Sunday, August 15, 2021 at 8:00 AM
To: Kazuho Oku <kazuhooku@gmail.com>
Cc: Jana Iyengar <jri.ietf@gmail.com>, IETF QUIC WG <quic@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>, Robin MARX <robin.marx=40uhasselt.be@dmarc.ietf.org>
Subject: Re: Privacy considerations of trace logging (was Re: New Version Notification for draft-kazuho-httpbis-selftrace-00.txt)

Agree with all your points Kazuho. This topic probably extends to toxic telemetry more broadly, which is a mighty task. In the short term establishing some common criteria had value for implementions and deployments.

Cheers
Lucas

Received on Sunday, 15 August 2021 17:53:08 UTC