Changes between Version 7 and Version 8 of pearg


Ignore:
Timestamp:
Sep 19, 2018, 6:08:45 AM (16 months ago)
Author:
sara@…
Comment:

Update the Draft Charter

Legend:

Unmodified
Added
Removed
Modified
  • pearg

    v7 v8  
    1414== Background
    1515
    16 Privacy is an increasingly desirable and often necessary property for Internet technologies. Evidence suggests that attacks on societal, community, and individual privacy occur with non-negligible frequency, as discussed in detail in RFC 7258 and in protocol-specific documents such as RFC 7626. Pervasive monitoring [RFC 7258], is a well known attack on privacy at incredible scale.  The IETF and IAB responses to such attacks is to push for widespread end-to-end encryption. Understanding attacks on privacy and the costs of addressing them is critical for ensuring the longevity, usability, and viability of Internet technologies.
     16Privacy is an increasingly desirable and often necessary property for Internet technologies. Evidence suggests that attacks on societal, community, and individual privacy occur with non-negligible frequency, as discussed in detail in RFC 7258 and in protocol-specific documents such as RFC 7626. Pervasive monitoring [RFC 7258], is a well known attack on privacy at incredible scale.  The IETF’s and IAB’s responses to such attacks is to push for widespread end-to-end encryption. Understanding attacks on privacy and the costs of addressing them is critical for ensuring the longevity, usability, and viability of Internet technologies.
    1717
    18 Alongside such work the emergence of global and region-specific legislation in this area e.g. GDPR provides further motivation for enhancing available privacy techniques (beyond end-to-end encryption), advancing the state-of-the-art for privacy in protocols, and for assessing privacy of existing protocols.
     18Alongside such work global and region-specific legislation is evolving in this area (GDPR and the ePrivacy Directive are two such examples applicable to Europe). While the full impact of such legislative changes is not understood, this provides further motivation for enhancing available privacy techniques (beyond end-to-end encryption), advancing the state-of-the-art for privacy in protocols, and for assessing privacy of existing protocols.
     19
     20Furthermore, there are varying definitions of privacy and confidentiality with different scope and context since it is often seen technically as an aspect of security analysis whereas it is in fact inherently a social, technical, economic, and legal construct.
    1921
    2022== Objectives
    2123
    22 The Privacy Enhancements and Assessments Research Group (PEARG) is a general forum for discussing and reviewing privacy enhancing technologies for network protocols and distributed systems in general, and for the IETF in particular. The PEARG serves as a bridge between theory and practice, bringing new privacy-enhancing technologies to the Internet community and promoting an understanding of the use and applicability of these mechanisms via Informational RFCs (in the tradition of HMAC [RFC 2104]).  Our goal is to provide a forum for discussion and analyzing the cryptographic and practical aspects of privacy protocols, and to offer guidance on the use of emerging techniques and new uses of existing ones.  IETF working groups developing protocols that include privacy technology elements are welcome to bring questions concerning the protocols to the PEARG for advice.
     24The Privacy Enhancements and Assessments Research Group (PEARG) is a general forum for discussing and reviewing privacy enhancing technologies for network protocols and distributed systems in general, and for the IETF in particular.
    2325
    24 The Assessments objective of PEARG will include partaking in the following tasks:
    25 
    26 1) Reviewing privacy properties (informed by but not limited to the analysis in RFC6973) of existing and emerging IETF protocols,
    27 
    28 2) Developing specifications in the tradition of RFC 6973 that offer guidance for protocol design and development and advice on privacy-enhancement. 
    29 
    30 This work will involve outreach to ensure close cooperation with similar and related efforts in IETF.
     26The PEARG serves to:
     271. Be a bridge between theory and practice, bringing new privacy-enhancing technologies from open source or academic communities to the wider Internet community and promoting an understanding of the use and applicability of these mechanisms via Informational or Experimental RFCs (in the tradition of HMAC [RFC 2104]). 
     282. Reviewing privacy properties (informed by but not limited to the analysis in RFC6973) of existing and emerging IETF protocols. In particular, engagement in review early in the design process is highly desirable.
     293. Developing specifications in the tradition of RFC 6973 that offer guidance for protocol design and development and advice on privacy-enhancement.  This work will involve outreach to ensure close cooperation with similar and related efforts in IETF.
     304. Providing a forum for discussion and analysis of the cryptographic and practical aspects of privacy protocols e.g.
     31  a. Analyse dependencies between protocols in the larger Internet ecosystem and understand the privacy implications in a wider context
     32  b. Understand why some protocol design efforts have succeeded and other have not
     33  c. Formulate better models for analyzing and quantifying privacy risks
     34  d. Offer guidance on the use of emerging techniques and new uses of existing ones. 
     355. Provide a forum for IETF working groups developing protocols that include privacy technology elements to bring questions concerning the protocols to the PEARG for advice.
    3136
    3237== Meetings
    33 
    34 The PEARG will meet two to three times per year, as deemed necessary by the chairs and according to demand. At least one PEARG meeting will be co-located with an IETF meeting per year. The PEARG will also meet collocated with relevant academic conferences, such as the Privacy Enhancing Technologies Symposium (PETS), yearly if possible. Participation is open to all.
     38The PEARG will meet two to three times per year, as deemed necessary by the chairs and according to demand. At least one PEARG meeting will be co-located with an IETF meeting per year. The PEARG will also meet collocated with relevant academic conferences, such as the Privacy Enhancing Technologies Symposium (PETS), yearly if possible.  Participation is open to all.
    3539
    3640Meetings are by default open with open attendance and published proceedings, with remote participation and recording as provided by the meeting venue, according to the IRTF’s IPR policy.
    3741
    38 The chairs may at times appoint at their pleasure “closed” design teams with lesser reporting requirements (though results will be open).  This will allow for some limited discussions in which participants require extra privacy.  This does not relax the Note Well:  for all activities of the RG, as for all other activities of IRTF, the Note Well applies [https://www.ietf.org/about/note-well/].
     42The chairs may at times appoint at their pleasure “closed” design teams with lesser reporting requirements (though results will be open).  This will allow for some limited discussions in which participants require extra privacy/confidentiality.  This does not relax the Note Well:  for all activities of the RG, as for all other activities of IRTF, the Note Well applies [https://www.ietf.org/about/note-well/].
    3943
    4044== Collaborations
     45PEARG will actively engage with academic and open source (e.g. Tor project, EFF, OTF) communities and encourage specification of key privacy-enhancing technologies in Informational or Experimental RFCs. It will also engage with other standards bodies e.g. PETS, SOUPS, W3C and the Privacy Interest Group therein.
    4146
    42 PEARG will actively engage with academic and open source (e.g. Tor project, EFF, OTF) communities and encourage specification of key privacy-enhancing technologies in Informational or Experimental RFCs.  Example current emerging technologies where interest is solicited include:
     47The range of potential topics the group could invite work on is large; some examples of current emerging technologies where interest is solicited include:
    4348
    44 1. Differential privacy techniques applied to networked and distributed systems
    45 2. Anti-fingerprinting techniques
    46 3. Potential uses of multi-party computation (MPC) for privacy
     49*  Statistical Inference e.g.
     50  1. Differential privacy (DP) techniques applied to networked and distributed systems (Chrome and Apple are known to have implementations of DP)
     51  2. Anti-fingerprinting techniques
     52* Potential uses of multi-party computation (MPC) for privacy
     53* Privacy preserving reputation systems
     54* ESA (Encode, Shuffle, Analyze architecture) for privacy-preserving software monitoring as proposed by Google
    4755
    48 PEARG is related to security and cryptographic protocols in the IETF and IRTF. Among the IETF working groups, PEARG will collaborate to ensure and encourage collaboration so that desirable privacy properties are upheld for the Internet community. PEARG will also collaborate with the CFRG to ensure cryptographic techniques and algorithms are used appropriately for their intended purpose.
     56PEARG is related to security and cryptographic protocols in the IETF and IRTF. Among the IETF working groups, PEARG will participate and encourage participation so that desirable privacy properties are upheld for the Internet community. PEARG will also collaborate with the CFRG to ensure cryptographic techniques and algorithms are used appropriately for their intended purpose.
    4957
    5058
     
    6169* Discussion of future meetings and co-location ideas
    6270
    63 [https://mailarchive.ietf.org/arch/msg/pearg/7W19JyCB0BySB31vfku2mYXRJMk Meeting minutes are available in the mail archive.]
     71Minutes
     72* [https://mailarchive.ietf.org/arch/msg/pearg/7W19JyCB0BySB31vfku2mYXRJMk Meeting minutes are available in the mail archive.]
    6473