Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

[STDS-802-Privacy] Privacy consideration in bridged networks

To: STDS-802-PRIVACY@xxxxxxxxxxxxxxxxx
Subject: [STDS-802-Privacy] Privacy consideration in bridged networks
From: Mick Seaman <mickseaman@xxxxxxxxx>
Date: Sun, 28 Oct 2018 16:12:21 -0700

The note at:

http://www.ieee802.org/1/files/public/docs2018/e-seaman-privacy-in-bridged-networks-1018-v01.pdf

[also available in the Privecsg area on Mentor as "Privacyconsiderations in bridgednetworks(e-seaman-privacy-in-bridged-networks-1018-v01.pdf)", sign inrequired].

is a result of a dry run of the P802E/D1.1 (Recommended Practice forPrivacy Considerations for IEEE 802 Technologies) suggestion of aself-assessment by the developers of each 802 standard, with the resultsrecorded in a Privacy Considerations annex. I started with IEEE Std802.1AS as the target because the service it provides is ratherdifferent from that offered by 802.11 Access Points to the users ofmobile personal devices.

Working on this I found the scope naturally expanding—it is not possibleto describe IEEE Std 802.1AS privacy exposures without some descriptionof how it operates within a bridged network, which brings in adescription of that network’s operation. In turn that leads toconsideration of what 802.1AS is being used for, and to the privacyexposures inherent in recognizing flows through a bridge network, sotimed gates can be used to shaped traffic in a network. A preliminaryconclusion is that ‘the standard’ so far as P802E and 802.1 is concernedis probably the entire set of 802.1 standards. Of course any adversarytrying to violate personal privacy is not bound to confine attacks tothe scope of any particular standard or set of standards, but we have todraw boundaries somewhere to make work practicable.

I have cast the result in the form of an informative annex that mightconceivably be attached to a one of the 802.1 standards (most likely802.1Q) and that would cover the entire set of .1 standards. However Ishould stress that this note is not a proposal for a PAR, and the resultof any PAR might be a very different approach. For the present the goalis to inform the development of P802E/D1.1 and show one way in which itsrecommendations might be result in a feasible/tractable amount of work.An 802.1Q informative annex would not prevent further detailed workwithin specific standards, and any change to a standard’s mandatory oroptional requirements and recommendations should be in that standard.


Mick

________________________________________________________________________
To unsubscribe from the STDS-802-PRIVACY list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-PRIVACY&A=1

Prev by Date: [STDS-802-Privacy] Minutes of an 802.1 Security Task Group teleconference held Tuesday 23rd October 2018 9.00 Pacific Time
Next by Date: [STDS-802-Privacy] Reminder: P802E teleconference Tuesday 23rd October 2018 9.00 am Pacific - Webex and dial-in details
Previous by thread: [STDS-802-Privacy] Reminder: P802E teleconference Tuesday 23rd October 2018 9.00 am Pacific - Webex and dial-in details
Next by thread: [STDS-802-Privacy] Minutes of an 802.1 Security Task Group teleconference held Tuesday 23rd October 2018 9.00 Pacific Time
Index(es):
- Date
- Thread