Privacy Requirements for IETF Protocols
draft-cooper-ietf-privacy-requirements-00

The information below is for an old version of the document
Document Type Active Internet-Draft (individual)
Last updated 2013-09-20
IESG IESG state I-D Exists
Network Working Group                                          A. Cooper
Internet-Draft                                                       CDT
Intended status: BCP                                          S. Farrell
Expires: March 24, 2014                           Trinity College Dublin
                                                               S. Turner
                                                              IECA, Inc.
                                                      September 20, 2013

                Privacy Requirements for IETF Protocols
             draft-cooper-ietf-privacy-requirements-00.txt

Abstract

   It is the consensus of the IETF that IETF protocols be designed to
   avoid privacy violations to the extent possible.  This document
   establishes a number of protocol design choices as Best Current
   Practices for the purpose of avoiding such violations.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 24, 2014.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Recommendations
   4.  Examples and Explanation
   5.  Security Considerations
   6.  IANA Considerations
   7.  Acknowledgements
   8.  Informative References
   Authors' Addresses

1.  Introduction

   The IETF has long-standing principles that support strong security in
   protocol design and a tradition of encouraging protocol designers to
   take these principles into account.  [RFC1984] articulated the view
   that encryption is an important tool to protect the confidentiality of
   communications, and that as such it should be encouraged and
   available to all.  [RFC3365] requires that all protocols implement
   strong security.  [RFC3552] provides guidance about how to consider
   security in protocol design and how to document security choices.  In
   [RFC2804], the IETF established a policy of not considering
   wiretapping requirements in IETF protocols.  [RFC6973] explains the
   many different aspects of privacy that can be affected by Internet
   protocol design and provides guidance to help designers consider
   privacy in their work.  This document extends the existing body of
   IETF principles concerning security by articulating Best Current
   Practices for avoiding egregious privacy violations and establishing
   support for privacy as a principle of IETF protocol design.

   These principles, old and new, should be applied when designing new
   protocols, and where applicable, should be considered for updates of
   existing protocols.

   Discussion of this draft is directed to the ietf-privacy@ietf.org
   list.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and