Designing Privacy into Internet Protocols

This tutorial provides a brief overview of the privacy threats that engineers may encounter during their protocol work.

Key Info

Privacy, as with security, has received increasing attention over the last few years as the number of security incidents and privacy violations increased. While security guidance has been offered in RFC 3552 and has been part of the IETF Newcomer's Training for many years, privacy related guidance has only been available recently with the publication of RFC 6973.

A core part of RFC 6973 is offering a set of questions an engineer should ask himself or herself when designing new protocols or protocol extensions to take common privacy concerns into account.

Slides

Bibliography

  • [1] RFC 3552
    Guidelines for Writing RFC Text on Security Considerations

    All RFCs are required to have a Security Considerations section. Historically, such sections have been relatively weak. This document provides guidelines to RFC authors on how to write a good Security Considerations section. This document specifies an Internet Best Current Practices for the In...

  • [2] RFC 6973
    Privacy Considerations for Internet Protocols

    This document offers guidance for developing privacy considerations for inclusion in protocol specifications. It aims to make designers, implementers, and users of Internet protocols aware of privacy-related design choices. It suggests that whether any individual RFC warrants a specific privacy...

    Dr. Bernard D. Aboba Ph.D., John Morris, Jon Peterson, Marit Hansen, Rhys Smith