Privacy Considerations for Internet Protocols
RFC 6973

Document Type RFC - Informational (July 2013)
Authors Alissa Cooper, Hannes Tschofenig, Dr. Bernard D. Aboba, Jon Peterson, John Morris, Marit Hansen, Rhys Smith
Last updated 2013-07-24
RFC stream Internet Architecture Board (IAB)
's presence protocols.

9.  Security Considerations

   This document describes privacy aspects that protocol designers
   should consider in addition to regular security analysis.

10.  Acknowledgements

   We would like to thank Christine Runnegar for her extensive helpful
   review comments.

   We would like to thank Scott Brim, Kasey Chappelle, Marc Linsner,
   Bryan McLaughlin, Nick Mathewson, Eric Rescorla, Scott Bradner, Nat
   Sakimura, Bjoern Hoehrmann, David Singer, Dean Willis, Lucy Lynch,
   Trent Adams, Mark Lizar, Martin Thomson, Josh Howlett, Mischa
   Tuffield, S. Moonesamy, Zhou Sujing, Claudia Diaz, Leif Johansson,
   Jeff Hodges, Stephen Farrell, Steven Johnston, Cullen Jennings, Ted
   Hardie, Dave Thaler, Klaas Wierenga, Adrian Farrel, Stephane
   Bortzmeyer, Dave Crocker, and Hector Santos for their useful feedback
   on this document.

   Finally, we would like to thank the participants for the feedback
   they provided during the December 2010 Internet Privacy workshop
   co-organized by MIT, ISOC, W3C, and the IAB.

   Although John Morris is currently employed by the U.S. Government, he
   participated in the development of this document in his personal
   capacity, and the views expressed in the document may not reflect
   those of his employer.

Cooper, et al.                Informational                    [Page 31]
RFC 6973                 Privacy Considerations                July 2013

11.  IAB Members at the Time of Approval

   Bernard Aboba
   Jari Arkko
   Marc Blanchet
   Ross Callon
   Alissa Cooper
   Spencer Dawkins
   Joel Halpern
   Russ Housley
   Eliot Lear
   Xing Li
   Andrew Sullivan
   Dave Thaler
   Hannes Tschofenig

Authors' Addresses

   Alissa Cooper
   CDT
   1634 Eye St. NW, Suite 1100
   Washington, DC  20006
   US

   Phone: +1-202-637-9800
   EMail: acooper@cdt.org
   URI:   http://www.cdt.org/

   Hannes Tschofenig
   Nokia Siemens Networks
   Linnoitustie 6
   Espoo  02600
   Finland

   Phone: +358 (50) 4871445
   EMail: Hannes.Tschofenig@gmx.net
   URI:   http://www.tschofenig.priv.at

   Bernard Aboba
   Skype

   EMail: bernard_aboba@hotmail.com

   Jon Peterson
   NeuStar, Inc.
   1800 Sutter St. Suite 570
   Concord, CA  94520
   US

   EMail: jon.peterson@neustar.biz

   John B. Morris, Jr.

   EMail: ietf@jmorris.org

   Marit Hansen
   ULD

   EMail: marit.hansen@datenschutzzentrum.de

   Rhys Smith
   Janet

   EMail: rhys.smith@ja.net
