IETF 108: PEARG Date: Monday, 27 July 2020 Time: 11:00 -- 12:40 (UTC) Session: 1 Location: Meetecho (Room 2)
Chairs: Sara Dickinson, Shivan Sahib, Chris Wood Agenda and slides: https://datatracker.ietf.org/meeting/108/session/pearg
Testing Apps for COVID-19 Tracing (TACT) - Stephen Farrell (15 mins)
Google Play services is closed-source
Trust Token architecture and the private metadata bit - Steven Valdez (15 mins)
Next steps: Privacy pass IETF standardization (first session on Friday 31 July 2020)
Deanonymizing Internet Traffic with Website Fingerprinting - Nate Matthews (15 mins)
Website fingerprinting defenses
Open questions on WF defense
Randomized Response Mechanisms in RTT Measurements for QUIC - Amelia Andersdotter (15 mins)
Reviews are sought.
Sara: Would like to see additional reviews on the list. It is useful to the research group. There will be a call for adoption.
A Survey of Worldwide Censorship Techniques, Joe Hall (10 mins)
Sara: Clarification question about including the remaining issues.
Joe: Expect another update to the draft before asking for another LC.
Joe: We also need to discuss how we talk about censorship techniques.
Amelia: Carsten Borrmann proposed to use "techniques employed for censorship" instead of "censorship techniques" and I will be in favour of this change. Does anyone have a reservation on this?
Joe: There are three instances where we mention this. So, we can make the change. It is also mentioned on the title though.
Amelia: In the past, in other standards meetings there have been long discussions on what networks mean and we may not want to have such philosophical discussions on this topic in this group.
Sara: Clarification - The changes will be discussed on the mailing list (not in the github issues)?
Peter Koch: is the 'censorship' draft a new playing field to establish (or not) DNS as a content control plane, i.e., more of a policy issue?
Personal Information Tagging for Logs, Sandeep Rao (10 mins)
Future work: Privacy preservation across log transformations, change of privacy marking policy (how to enforce these changes) and out-of-band mechanism to notify privacy scheme
Stephen Farrell: One of things I have noticed is that any field that uses human input contains a password. Consider tagging not only the data type but also the source.
Sandeep Rao: Good input
teirdes: but why example from RFC3164 given that this RFC was obsoleted by RFC5424?
Sandeep Roa: Yes, I will update it
Sara: There will be a call on the list to adopt the draft
Guidelines for Performing Safe Measurement on the Internet, Gurshabad Grover (10 mins)
Sara: This draft has been adopted and a new author has come on board.