p≡p I-Ds (IETF Internet-Drafts)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

879 lines
36 KiB

<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc2629 version -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
]>
<?rfc toc="yes"?>
<?rfc sortrefs="yes"?>
<?rfc symrefs="yes"?>
<?rfc comments="yes"?>
<rfc docName="draft-marques-pep-rating-02" category="info">
<front>
<title abbrev="pretty Easy privacy (pEp) Rating">pretty Easy privacy (pEp): Mapping of Privacy Rating</title>
<author initials="H." surname="Marques" fullname="Hernani Marques">
<organization>pEp Foundation</organization>
<address>
<postal>
<street>Oberer Graben 4</street>
<city>CH-8400 Winterthur</city>
<country>Switzerland</country>
</postal>
<email>hernani.marques@pep.foundation</email>
<uri>https://pep.foundation/</uri>
</address>
</author>
<author initials="B." surname="Hoeneisen" fullname="Bernie Hoeneisen">
<organization abbrev="Ucom.ch">Ucom Standards Track Solutions GmbH</organization>
<address>
<postal>
<street></street>
<city>CH-8046 Zuerich</city>
<country>Switzerland</country>
</postal>
<phone>+41 44 500 52 40</phone>
<email>bernie@ietf.hoeneisen.ch (bernhard.hoeneisen AT ucom.ch)</email>
<uri>https://ucom.ch/</uri>
</address>
</author>
<date year="2019" month="July" day="07"/>
<abstract>
<t>In many Opportunistic Security scenarios end-to-end encryption is
automatized for Internet users. In addition, it is often required to
provide the users with easy means to carry out authentication.</t>
<t>Depending on several factors, each communication channel to different
peers may have a different Privacy Status, e.g., unencrypted,
encrypted and encrypted as well as authenticated. Even each message from/to
a single peer may have a different Privacy Status.</t>
<t>To display the actual Privacy Status to the user, this document
defines a Privacy Rating scheme and its mapping to a traffic-light
semantics. A Privacy Status is defined on a per-message basis as well
as on a per-identity basis. The traffic-light semantics (as color rating)
allows for a clear and easily understandable presentation to the user
in order to optimize the User Experience (UX).</t>
<t>This rating system is most beneficial to Opportunistic Security
scenarios and is already implemented in several applications of pretty
Easy privacy (pEp).</t>
</abstract>
</front>
<middle>
<section anchor="introduction" title="Introduction">
<t>In many Opportunistic Security <xref target="RFC7435"/> scenarios end-to-end
encryption is automatized for Internet users. In addition, it is often
required to provide the users with easy means to carry out
authentication.</t>
<t>Depending on several factors, each communication channel to different
identities may have a different Privacy Status, e.g.</t>
<t><list style="symbols">
<t>unreliable</t>
<t>encrypted</t>
<t>encrypted and authenticated</t>
<t>mistrusted</t>
</list></t>
<t>Even each message from or to a single peer may have a different
Privacy Status.</t>
<t>To display the actual Privacy Status to the user, this document
defines a Privacy Rating scheme and its mapping to a traffic-light
semantics, i.e., a mapping to different color codes as used in a
traffic-light:</t>
<t><list style="symbols">
<t>red</t>
<t>yellow</t>
<t>green</t>
<t>no color (or gray)</t>
</list></t>
<t>Note: While “yellow” color is used in the context of traffic-lights
(e.g., in North America), in other parts of the world (e.g., the UK)
this is generally referred to as “orange” or “amber” lights. For the
scope of this document, “yellow”, “amber”, and “orange” refer to the
same semantics.</t>
<t>A Privacy Status is defined on a per-message basis as well as on a
per-identity basis. The traffic-light semantics (as color rating)
allows for a clear and easily understandable presentation to the user
in order to optimize the User Experience (UX). To serve also
(color-)blind Internet users or those using monochrome displays, the
traffic light color semantics may also be presented by simple texts
and symbols for signaling the corresponding Privacy Status.</t>
<t>The proposed definitions are already implemented and used in
applications of pretty Easy privacy (pEp) <xref target="I-D.birk-pep"/>. This
document is targeted to applications based on the pEp framework and
Opportunistic Security <xref target="RFC7435"/>. However, it may be also used in
other applications as suitable.</t>
<t>Note: The pEp <xref target="I-D.birk-pep"/> framework proposes to automatize the
use of end-to-end encryption for Internet users of email and other
messaging applications and introduces methods to easily allow
authentication.</t>
<section anchor="requirements-language" title="Requirements Language">
<t>The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”,
“SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this
document are to be interpreted as described in <xref target="RFC2119"/>.</t>
</section>
<section anchor="terms" title="Terms">
<t>The following terms are defined for the scope of this document:</t>
<t><list style="symbols">
<t>pEp Handshake: The process of one user contacting another over an
independent channel in order to verify Trustwords (or by fallback:
fingerprints). This can be done in-person or through established
verbal communication channels, like a phone
call. <xref target="I-D.marques-pep-handshake"/></t>
<t>Trustwords: A scalar-to-word representation of 16-bit numbers (0 to
65535) to natural language words. When doing a Handshake, peers are
shown combined Trustwords of both public keys involved to ease the
comparison. <xref target="I-D.birk-pep-trustwords"/></t>
</list></t>
<!--
[KRB] If my suggestions above are kept [[pEp Handshake]], there is no
need to have the second sentence about the Handshake, as it's already
been related in the Handshake definition.
-->
<t><list style="symbols">
<t>Trust On First Use (TOFU): cf. <xref target="RFC7435"/>, which states: “In a
protocol, TOFU calls for accepting and storing a public key or
credential associated with an asserted identity, without
authenticating that assertion. Subsequent communication that is
authenticated using the cached key or credential is secure against
an MiTM attack, if such an attack did not succeed during the
vulnerable initial communication.”</t>
</list></t>
<!-- TODO: Make clear that we use TOFU without T. -->
<t><list style="symbols">
<t>Man-in-the-middle (MITM) attack: cf. <xref target="RFC4949"/>, which states: “A
form of active wiretapping attack in which the attacker intercepts
and selectively modifies communicated data to masquerade as one or
more of the entities involved in a communication association.”</t>
</list></t>
</section>
</section>
<section anchor="per-message-privacy-rating" title="Per-Message Privacy Rating">
<section anchor="rating-codes" title="Rating Codes">
<t>To rate messages (cf. also <xref target="pep-rating"/>), the following 13 Rating
codes are defined as scalar values (decimal):</t>
<texttable>
<ttcol align='left'>Rating code</ttcol>
<ttcol align='right'>Rating label</ttcol>
<c>-3</c>
<c>under attack</c>
<c>-2</c>
<c>broken</c>
<c>-1</c>
<c>mistrust</c>
<c>0</c>
<c>undefined</c>
<c>1</c>
<c>cannot decrypt</c>
<c>2</c>
<c>have no key</c>
<c>3</c>
<c>unencrypted</c>
<c>4</c>
<c>unencrypted for some</c>
<c>5</c>
<c>unreliable</c>
<c>6</c>
<c>reliable</c>
<c>7</c>
<c>trusted</c>
<c>8</c>
<c>trusted and anonymized</c>
<c>9</c>
<c>fully anonymous</c>
</texttable>
</section>
<section anchor="color-codes" title="Color Codes">
<t>For an Internet user to understand what the available Privacy Status
is, the following colors (traffic-light semantics) are defined:</t>
<texttable>
<ttcol align='left'>Color code</ttcol>
<ttcol align='right'>Color label</ttcol>
<c>-1</c>
<c>red</c>
<c>0</c>
<c>no color</c>
<c>1</c>
<c>yellow</c>
<c>2</c>
<c>green</c>
</texttable>
</section>
<section anchor="surjective-mapping-of-rating-codes-into-color-codes" title="Surjective Mapping of Rating Codes into Color Codes">
<t>Corresponding User Experience (UX) implementations use a surjective
mapping of the Rating Codes into the Color Codes (in traffic light
semantics) as follows:</t>
<texttable>
<ttcol align='left'>Rating codes</ttcol>
<ttcol align='left'>Color code</ttcol>
<ttcol align='right'>Color label</ttcol>
<c>-3 to -1</c>
<c>-1</c>
<c>red</c>
<c>0 to 5</c>
<c>0</c>
<c>no color</c>
<c>6</c>
<c>1</c>
<c>yellow</c>
<c>7 to 9</c>
<c>2</c>
<c>green</c>
</texttable>
<t>This mapping is used in current pEp implementations to signal the
Privacy Status (cf. <xref target="current-software-implementing-pep"/>).</t>
</section>
<section anchor="semantics-of-color-and-rating-codes" title="Semantics of Color and Rating Codes">
<section anchor="red" title="Red">
<t>The red color MUST only be used in three cases:</t>
<t><list style="symbols">
<t>Rating code -3: A man-in-the-middle (MITM) attack could be detected.</t>
<t>Rating code -2: The message was tempered with.</t>
<t>Rating code -1: The user explicitly states he mistrusts a peer,
e.g., because a Handshake <xref target="I-D.marques-pep-handshake"/> mismatched
or when the user learns the communication partner was attacked and might
have gotten the corresponding secret key leaked.</t>
</list></t>
</section>
<section anchor="no-color" title="No Color">
<t>No specific (or a gray color) MUST be shown in the following cases:</t>
<t><list style="symbols">
<t>Rating code 0: A message can be rendered, but the encryption status
is not clear, i.e., undefined</t>
<t>Rating code 1: A message cannot be decrypted (because of an error
not covered by rating code 2 below).</t>
<t>Rating code 2: No key is available to decrypt a message (because it
was encrypted with a public key for which no secret key could be
found).</t>
<t>Rating code 3: A message is received or sent out unencrypted
(because it was received unencrypted or there’s no public key to
encrypt a message to a recipient).</t>
<t>Rating code 4: A message is sent out unencrypted for some of the
recipients of a group (because there’s at least one recipient in
the group whose public key is not available to the sender).</t>
<t>Rating code 5: A message is encrypted, but cryptographic parameters
(e.g., the cryptographic method employed or key length) are
insufficient.</t>
</list></t>
</section>
<section anchor="yellow" title="Yellow">
<t><list style="symbols">
<t>Rating code 6: Whenever a message can be encrypted or decrypted with
sufficient cryptographic parameters, it’s considered reliable. It
is mapped into the yellow color code.</t>
</list></t>
</section>
<section anchor="green" title="Green">
<t><list style="symbols">
<t>Rating code 7: A message is mapped into the green color code
only if a pEp handshake <xref target="I-D.marques-pep-handshake"/> was
successfully carried out.</t>
</list></t>
<t>By consequence that means, that the pEp propositions don’t strictly
follow the TOFU (cf. <xref target="RFC7435"/>) approach, in order to avoid
signaling trust without peers verifying their channel first.</t>
<t>In current pEp implementations (cf. <xref target="implementation-status"/>) only
rating code 7 is achieved.</t>
<t>The rating codes 8 and 9 are reserved for future use in pEp
implementations which also secure meta-data (rating code 8), by using
a peer-to-peer framework like GNUnet <xref target="GNUnet"/>, and/or allow for
fully anonymous communications (rating code 9), where sender and
receiver don’t know each other, but trust between the endpoints could
be established nevertheless.</t>
</section>
</section>
</section>
<section anchor="per-identity-privacy-rating" title="Per-Identity Privacy Rating">
<t>The same Color Codes (red, no color, yellow and green) as for messages
(cf. <xref target="color-codes"/>) MUST be applied for identities (peers), so that
a user can easily understand, which identities private communication
is possible with.</t>
<t>The green color code MUST be applied to an identity whom the pEp
handshake <xref target="I-D.marques-pep-handshake"/> was successfully carried out
with.</t>
<t>The yellow color code MUST be set whenever a public key could be
obtained to securely encrypt messages to an identity, although a
MITM attack cannot be excluded.</t>
<t>The no color code MUST be used for the case that no public key is
available to engage in private communications with an identity.</t>
<t>The red color code MUST only be used when an identity is marked as
mistrusted.</t>
<t>[[ It’s not yet clear if there are proper cases where it makes sense
to set an identity automatically to the red color code, as it
appears to be difficult to detect attacks (e.g., secret key
leakage) at the other endpoint with certainty. ]]</t>
</section>
<section anchor="security-considerations" title="Security Considerations">
<t>[[ TODO ]]</t>
</section>
<section anchor="privacy-considerations" title="Privacy Considerations">
<t>[[ TODO ]]</t>
</section>
<section anchor="iana-considerations" title="IANA Considerations">
<t>This document has no actions for IANA.</t>
</section>
<section anchor="implementation-status" title="Implementation Status">
<section anchor="introduction-1" title="Introduction">
<t>This section records the status of known implementations of the
protocol defined by this specification at the time of posting of this
Internet-Draft, and is based on a proposal described in <xref target="RFC7942"/>.
The description of implementations in this section is intended to
assist the IETF in its decision processes in progressing drafts to
RFCs. Please note that the listing of any individual implementation
here does not imply endorsement by the IETF. Furthermore, no effort
has been spent to verify the information presented here that was
supplied by IETF contributors. This is not intended as, and must not
be construed to be, a catalog of available implementations or their
features. Readers are advised to note that other implementations may
exist.</t>
<t>According to <xref target="RFC7942"/>, “[…] this will allow reviewers and
working groups to assign due consideration to documents that have the
benefit of running code, which may serve as evidence of valuable
experimentation and feedback that have made the implemented protocols
more mature. It is up to the individual working groups to use this
information as they see fit.”</t>
</section>
<section anchor="current-software-implementing-pep" title="Current software implementing pEp">
<t>The following software implementing the pEp protocols (to varying
degrees) already exists:</t>
<t><list style="symbols">
<t>pEp for Outlook as add-on for Microsoft Outlook, release <xref target="SRC.pepforoutlook"/></t>
<t>pEp for Android (based on a fork of the K9 MUA), release <xref target="SRC.pepforandroid"/></t>
<t>Enigmail/pEp as add-on for Mozilla Thunderbird, release <xref target="SRC.enigmailpep"/></t>
<t>pEp for iOS (implemented in a new MUA), beta <xref target="SRC.pepforios"/></t>
</list></t>
<t>pEp for Android, iOS and Outlook are provided by pEp Security, a commercial
entity specializing in end-user software implementing pEp while Enigmail/pEp
is pursued as community project, supported by the pEp Foundation.</t>
<t>All software is available as Free Software and published also in source form.</t>
</section>
</section>
<section anchor="acknowledgements" title="Acknowledgements">
<t>The authors would like to thank the following people who have provided
feedback or significant contributions to the development of this
document: Leon Schumacher and Volker Birk</t>
<t>This work was initially created by pEp Foundation, and then reviewed
and extended with funding by the Internet Society’s Beyond the Net
Programme on standardizing pEp. <xref target="ISOC.bnet"/></t>
</section>
</middle>
<back>
<references title='Normative References'>
<reference anchor="RFC4949" target='https://www.rfc-editor.org/info/rfc4949'>
<front>
<title>Internet Security Glossary, Version 2</title>
<author initials='R.' surname='Shirey' fullname='R. Shirey'><organization /></author>
<date year='2007' month='August' />
<abstract><t>This Glossary provides definitions, abbreviations, and explanations of terminology for information system security. The 334 pages of entries offer recommendations to improve the comprehensibility of written material that is generated in the Internet Standards Process (RFC 2026). The recommendations follow the principles that such writing should (a) use the same term or definition whenever the same concept is mentioned; (b) use terms in their plainest, dictionary sense; (c) use terms that are already well-established in open publications; and (d) avoid terms that either favor a particular vendor or favor a particular technology or mechanism over other, competing techniques that already exist or could be developed. This memo provides information for the Internet community.</t></abstract>
</front>
<seriesInfo name='FYI' value='36'/>
<seriesInfo name='RFC' value='4949'/>
<seriesInfo name='DOI' value='10.17487/RFC4949'/>
</reference>
<reference anchor="RFC7435" target='https://www.rfc-editor.org/info/rfc7435'>
<front>
<title>Opportunistic Security: Some Protection Most of the Time</title>
<author initials='V.' surname='Dukhovni' fullname='V. Dukhovni'><organization /></author>
<date year='2014' month='December' />
<abstract><t>This document defines the concept &quot;Opportunistic Security&quot; in the context of communications protocols. Protocol designs based on Opportunistic Security use encryption even when authentication is not available, and use authentication when possible, thereby removing barriers to the widespread use of encryption on the Internet.</t></abstract>
</front>
<seriesInfo name='RFC' value='7435'/>
<seriesInfo name='DOI' value='10.17487/RFC7435'/>
</reference>
<reference anchor="I-D.birk-pep">
<front>
<title>pretty Easy privacy (pEp): Privacy by Default</title>
<author initials='H' surname='Marques' fullname='Hernani Marques'>
<organization />
</author>
<author initials='B' surname='Hoeneisen' fullname='Bernie Hoeneisen'>
<organization />
</author>
<date month='March' day='7' year='2019' />
<abstract><t>The pretty Easy privacy (pEp) protocols describe a set of conventions for the automation of operations traditionally seen as barriers to the use and deployment of secure end-to-end interpersonal messaging. These include, but are not limited to, key management, key discovery, and private key handling (including peer-to-peer synchronization of private keys and other user data across devices). pEp also introduces means to verify communication peers and proposes a trust-rating system to denote secure types of communications and signal the privacy level available on a per-user and per-message level. Significantly, the pEp protocols build on already available security formats and message transports (e.g., PGP/MIME), and are written with the intent to be interoperable with already widely-deployed systems in order to facilitate and ease adoption and implementation. This document outlines the general design choices and principles of pEp.</t></abstract>
</front>
<seriesInfo name='Internet-Draft' value='draft-birk-pep-03' />
<format type='TXT'
target='http://www.ietf.org/internet-drafts/draft-birk-pep-03.txt' />
</reference>
<reference anchor="RFC2119" target='https://www.rfc-editor.org/info/rfc2119'>
<front>
<title>Key words for use in RFCs to Indicate Requirement Levels</title>
<author initials='S.' surname='Bradner' fullname='S. Bradner'><organization /></author>
<date year='1997' month='March' />
<abstract><t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t></abstract>
</front>
<seriesInfo name='BCP' value='14'/>
<seriesInfo name='RFC' value='2119'/>
<seriesInfo name='DOI' value='10.17487/RFC2119'/>
</reference>
</references>
<references title='Informative References'>
<reference anchor="I-D.birk-pep-trustwords">
<front>
<title>IANA Registration of Trustword Lists: Guide, Template and IANA Considerations</title>
<author initials='V' surname='Birk' fullname='Volker Birk'>
<organization />
</author>
<author initials='H' surname='Marques' fullname='Hernani Marques'>
<organization />
</author>
<author initials='B' surname='Hoeneisen' fullname='Bernie Hoeneisen'>
<organization />
</author>
<date month='March' day='11' year='2019' />
<abstract><t>This document specifies the IANA Registration Guidelines for Trustwords, describes corresponding registration procedures, and provides a guideline for creating Trustword list specifications. Trustwords are common words in a natural language (e.g., English) to which the hexadecimal strings are mapped to. This makes verification processes (e.g., comparison of fingerprints), more practical and less prone to misunderstandings.</t></abstract>
</front>
<seriesInfo name='Internet-Draft' value='draft-birk-pep-trustwords-03' />
<format type='TXT'
target='http://www.ietf.org/internet-drafts/draft-birk-pep-trustwords-03.txt' />
</reference>
<reference anchor="I-D.marques-pep-handshake">
<front>
<title>pretty Easy privacy (pEp): Contact and Channel Authentication through Handshake</title>
<author initials='H' surname='Marques' fullname='Hernani Marques'>
<organization />
</author>
<author initials='B' surname='Hoeneisen' fullname='Bernie Hoeneisen'>
<organization />
</author>
<date month='March' day='25' year='2019' />
<abstract><t>In interpersonal messaging end-to-end encryption means for public key distribution and verification of its authenticity are needed; the latter to prevent man-in-the-middle (MITM) attacks. This document proposes a new method to easily verify a public key is authentic by a Handshake process that allows users to easily authenticate their communication channel. The new method is targeted to Opportunistic Security scenarios and is already implemented in several applications of pretty Easy privacy (pEp).</t></abstract>
</front>
<seriesInfo name='Internet-Draft' value='draft-marques-pep-handshake-02' />
<format type='TXT'
target='http://www.ietf.org/internet-drafts/draft-marques-pep-handshake-02.txt' />
</reference>
<reference anchor="GNUnet" target="https://grothoff.org/christian/habil.pdf">
<front>
<title>The GNUnet System</title>
<author initials="C." surname="Grothoff" fullname="Christian Grothoff">
<organization></organization>
</author>
<date year="2017" month="October" day="07"/>
</front>
</reference>
<reference anchor="ISOC.bnet" target="https://www.internetsociety.org/blog/2017/06/12-innovative-projects-selected-for-beyond-the-net-funding/">
<front>
<title>Beyond the Net. 12 Innovative Projects Selected for Beyond the Net Funding. Implementing Privacy via Mass Encryption: Standardizing pretty Easy privacy’s protocols</title>
<author initials="I." surname="Simao" fullname="Ilda Simao">
<organization></organization>
</author>
<date year="2017" month="June"/>
</front>
</reference>
<reference anchor="RFC7942" target='https://www.rfc-editor.org/info/rfc7942'>
<front>
<title>Improving Awareness of Running Code: The Implementation Status Section</title>
<author initials='Y.' surname='Sheffer' fullname='Y. Sheffer'><organization /></author>
<author initials='A.' surname='Farrel' fullname='A. Farrel'><organization /></author>
<date year='2016' month='July' />
<abstract><t>This document describes a simple process that allows authors of Internet-Drafts to record the status of known implementations by including an Implementation Status section. This will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature.</t><t>This process is not mandatory. Authors of Internet-Drafts are encouraged to consider using the process for their documents, and working groups are invited to think about applying the process to all of their protocol specifications. This document obsoletes RFC 6982, advancing it to a Best Current Practice.</t></abstract>
</front>
<seriesInfo name='BCP' value='205'/>
<seriesInfo name='RFC' value='7942'/>
<seriesInfo name='DOI' value='10.17487/RFC7942'/>
</reference>
<reference anchor="SRC.pepforandroid" target="https://pep-security.lu/gitlab/android/pep">
<front>
<title>Source code for pEp for Android</title>
<author >
<organization></organization>
</author>
<date year="2019" month="July"/>
</front>
</reference>
<reference anchor="SRC.pepforios" target="https://pep-security.ch/dev/repos/pEp_for_iOS/">
<front>
<title>Source code for pEp for iOS</title>
<author >
<organization></organization>
</author>
<date year="2019" month="July"/>
</front>
</reference>
<reference anchor="SRC.pepforoutlook" target="https://pep-security.lu/dev/repos/pEp_for_Outlook/">
<front>
<title>Source code for pEp for Outlook</title>
<author >
<organization></organization>
</author>
<date year="2019" month="July"/>
</front>
</reference>
<reference anchor="SRC.enigmailpep" target="https://enigmail.net/index.php/en/download/source-code">
<front>
<title>Source code for Enigmail/pEp</title>
<author >
<organization></organization>
</author>
<date year="2019" month="July"/>
</front>
</reference>
</references>
<section anchor="excerpts-from-the-pep-reference-implementation" title="Excerpts from the pEp Reference Implementation">
<t>This section provides excerpts of the running code from the pEp
reference implementation pEp engine (C99 programming language).</t>
<section anchor="pep-rating" title="pEp rating">
<t>From the reference implementation by the pEp foundation, src/message_api.h:</t>
<figure><artwork><![CDATA[
typedef enum _PEP_rating {
PEP_rating_undefined = 0,
PEP_rating_cannot_decrypt,
PEP_rating_have_no_key,
PEP_rating_unencrypted,
PEP_rating_unencrypted_for_some,
PEP_rating_unreliable,
PEP_rating_reliable,
PEP_rating_trusted,
PEP_rating_trusted_and_anonymized,
PEP_rating_fully_anonymous,
PEP_rating_mistrust = -1,
PEP_rating_b0rken = -2,
PEP_rating_under_attack = -3
} PEP_rating;
]]></artwork></figure>
</section>
</section>
<section anchor="document-changelog" title="Document Changelog">
<t>[[ RFC Editor: This section is to be removed before publication ]]</t>
<t><list style="symbols">
<t>draft-marques-pep-rating-02:
<list style="symbols">
<t>Add Privacy and IANA Considerations sections</t>
<t>Updated Terms</t>
</list></t>
<t>draft-marques-pep-rating-01:
<list style="symbols">
<t>Update references</t>
<t>Minor edits</t>
</list></t>
<t>draft-marques-pep-rating-00:
<list style="symbols">
<t>Initial version</t>
</list></t>
</list></t>
</section>
<section anchor="open-issues" title="Open Issues">
<t>[[ RFC Editor: This section should be empty and is to be removed
before publication ]]</t>
<t><list style="symbols">
<t>Better explain usage of Color Codes in Per-Identity Privacy Rating</t>
<t>Decide whether rating code scalars 6 and 7-9 should be raised to
leave space for future extensions</t>
<t>Add Security Considerations</t>
<t>Add more source code excerpts to Appendix</t>
<t>Add rating codes for secure cryptographic methods and parameters
and reference them</t>
</list></t>
</section>
</back>
<!-- ##markdown-source:
H4sIAMtLIl0AA81b2XIbSXZ9r6/IYT802UOAi6iFtMcxFEW1GNMUZZHyeKxW
MBJVCaCGtWAqq0ih2XL4N/x7/hKfczNrJUCpx3aEFd1BAJXL3e+5N7NGo1EQ
5lGczY5UVU5HL4KgjMvEHKmNRWHKcqlOtV2qRRHf6nCpNheni60jda4XC0xR
+VS980/e6xK/bAR6MinM7WPTm6FRHmY6xVZRoaflKNXF3ypjRwuzGBUyZLS7
H4S6NLO8WB6pOJvmQWBLnUXXOskzTFwaGyziI/WxzMNtZfOiLMzU4tMydR/C
PE1NVtpPQaCrcp4XR0Gg1Aj/K6xnj9SbMZiRfeU3R88bU2Q6i3tP8gISAvnq
dV5lEcjLM/ndYktTHqmLiSlMoX4s9MRk6kCehXEJuk/ejF4c7O6qP8dZaYpy
XhXuIdYpydflXVz+YooEfMkDk+o4OVJzR8TYi+WPEMt42t+7KsD7vCwX9mhn
p/98Z8Dny7F6k5vMxNZkHU5fYpPYDB4Jqx8gOnVJYesisuqq0OGNusyTiqtb
9WM6eSODa31z/Dic92SysTEQw+7BM/VvlSliP3CtDBZz0e/G7w/21MGBegrx
Pd1XB7sbXQlNhPg/xqacjuc1B6BBbfLJHHS3P6vjK1U5Erceys4/gdCyvEgh
wFtzhFHvX58cHB4cHgXfKfny9Mn+vv/9+cGTp/x4Nno1nsTFDa0WthXQSJsV
/LSDFy92u2vsNV+e7z99IV+4TNf+HYeD9UdlUdnyLoc+3ArDWc5r6mndJ3MI
1s71jbD149sPGdQjYih1MaOqaknMihxuMp2OYQQ74byIbRnrbGeuJ3EyXkRT
N8lHiKu58Yupy6UtTerUU3uaUq2hndRLwUPcDv6xWOfJuP8zbBhz9nf3no/2
dke7z4OG3UahwtaNWdplFgrHlxcn48lavu7u7sbifxhh8xA2sxQWJ0k+2+FG
O7vPdvb2R3GW5beivtGiyP9qwtKOrEnw10QjqHY0Mcs8i0bl3Iyw1GgKh4PM
d3pyeSljFMaot6Ycq719ddasi4jp1lWXfl2FdVV/jnrt1h2rs3SRGMYwxts6
2N7GGsHJWnWahcVyQZc8apw1/oVDV4Tf//qP/7T4nCNY5oldr6uzJNLqMk51
3tXR2bjzW0dBu8+8Rxwe7ItZXr4/GUM5YV54F3igjEGoisztjh/oBHiCqYjm
VREahIjIKDCmENARYTP8FNcikelMQozLmyabxZkbqyO9gK7tllu2ofYFbamh
EGLH4CKPo9U2QwuzJkSkgLEk1c4M1OnJjp/Dx12tX3bopUJJE/8eu+F9sR0O
CYlz+w1EIERRWIVZ5HYHG1xj5nV8cbnzLYRg3FeIyKsyyfObb5PGQ0Iu3PRv
IsaPXUuQyeIZY6CE1VXk1APG8MKdOIvM5/FivsDPO1F+lyW5jnacBY2492Mk
nfqVyMcKeoLRaIQsh5ymwzIIzjKV6mypLhYLwI0qY1QL4cpOMMqGJtPUpjKM
EvkIf/Cx9lIVWwKRnBniF+/5Zz4sqcrCZOHxGew3ijl8W8UlpsDES6Swwvyt
igvMKvMAbnwbgwHGC5mnkEHnytDdU6ORoctchboolgpaFTdnDAnFZcZB8Mos
jEQYBaKsuTWFTtQUHOYFYJPRyKLETuDPTVEhUkhmEi4bxVNxxTJYGO6c6qWa
a0Q23T5qQhWiUllxyfFsvK2qzMvCRNtB81F8tvMNzJgk4d8O3SYaq9NbiEGI
S421egYFFnm6A3loZcFMYhRJ+haKIIMrsmIXCQZTjGC+ghD6w8hvLeNtfIIy
AFsrRp8gMlMEHBA5AMEwgjnik3AVl5SPQ8tYSiuY0XQah6Mkns3LwCLRkz2o
/Xi4M7eSHSLqSIOzYlSzPdEWj72gAvxtRsAosCAsUYaMFXN0b0/V7Kk2MRGp
ADbokMOWCnSS5HdW7FKrMDG6cMrBYskS6ougcMkzE8q6MLYJwx1BKcAgoEiM
5a85LD+FtcvjD3x8+hmUxhLLNz/86xZVQcEWXnoCJch+mtsSKC+DFMJYi+2t
drugdTsROv4khdHRss0VkGLcWjo0knjLtpJAJFsGD4uVsfP/NI6ixBCGwFuL
PKpCAeFfiwb39x4qfvmyMjIEvcig/t7IEHQig/ptkSH4P4oM3gxj8xvCQxD8
AAsrTBLTuvitiQm9Ly7FdyMDH6eQPfExv62OEzBJ54NfCxXB/+tQAdWPDWKp
7o5uJescmtlNAgSoEcvXQW+5I4qscJJbGjo9P81Qt2X8kOV+nU38Pyv0cisI
3uZMi3+exxDdhpuz4UfF7T6UQJjDcD+XdKzepjbYdGkA497CX+bqOGUxqLfk
JxQAUMhCF6X4JFdCsZNEys+S+PGnrUBEi/9miAwwTsQlwYbe/sHzBoHdzGxQ
4Rs6RTW4oRwBY5TvBRdCxMgXxm3TUdR2w9l2PXNblNMsKVt5VQcWeLmNp7CT
vz+IKx/Eg/9xEP/fieG/MYQreAh+px8lNg82haLR1iQBNBvEMXHDeW65D603
zbMclWYOUXofs6Lr2mCd6jyPLd90XO6FBFEzASFPAMEk5itaIMAWtrfLdIKC
RwRi41mmE3EaMVRYjV3kLt499Po5l86BcbGyqDF2GUMXZmWG4W7eEYLVKWZV
P+z+vlvlf/lCfQMn1jZJG3Lo1xt4d2EYiDMtsiPguoBNwm1uSEzw9bzEvtAd
o7xkFAp14nTYMOLcsrcrTM5WcUkDGteB4coTMOSmQ5GXpUTKNteJrrEZhbQa
ND/MhTKWoF1ELhQGzq2oyD6tDK0+aTMbGdheJCR4hxB3eZgHg+9QO753iVV6
iOonRIAKjusM48YslfRi1Mb5h8srBgz+VW8v5PP703/+cPb+9BU/X745/umn
5oMbEeDLxYef/HN+ameeXJyfn7595SafH/+ljkEX767OLt4e/7ThAm3XRmiR
pfiCdDlobA5JIw2ERTxxwfn+/ndQ/P7e3iEUH3ger0yRWsfTNKcsxDv4o6xa
h6+pC5xqdeBk7+sH0f+bptWkvP9A7KKwPPPwkPkBKVRUlTnzym9pY+w/spYj
ApFc5qFFNxZhYDxdqqumFyY5Cn4/hSInOpTyFSTPKAUIw245fwLmySifiGTE
7B8Vlt0DcoXKdwaIZGnRsZ0bVuvYZ4IcvxLrIEAl8Q0xgzQqMTrE5mNv+ysb
b1++UEAt1UcA/BazdEGD509ILb1gDIntPRtN4JVZxUwERndZ+in17OnTJ0+3
KIwMkYr4LPGm6SxyjCwNABTlIuFWI9vKFWxQK1axcxTK5G8i+u0IFDtPoBa1
qCCOkJaORJbd5smti0BwHOe17OCmSNgxJDkeeH6nW0ne//F3o1EQfPzT+5ef
1NlUpYjT1WwGkTsnneRMHQXdalGqjx97lvTpkyQEPIUaszzIjKNDcJvYpAnZ
PJMcwJSE5VD08kmHdzhDXH7flAbBxEhNneiyRS7N8E64lxLgnxrtqYtMvY6R
QZkI1ebVxesPW0cqnI67UXVb3c1jwE9YVGmg6w1Cd4ir7r5tK84Tq/GJOgzB
uPMIMAKw7XTXqgCWSnkD5TBMsYaxbGQK9YLwYd74yRTCjgcQ2/KIOF/1egCS
/3TpJ5BJdVlNLKKdg5Bdm5eBse2vYCKfvSWNAmnjB0dkl0SoS1pG0MhMx5kV
MjJ1Hl+dK10iBtwg60xhCaEjX34CCoig5ZI/h9R0VBV+J7pllRD1EbqIfoYu
Ot5wtgYBv7rgSRV06TCQ8HEnIchJ34tGXY2VV/C5zkYIDWzuuopPbZ6fXZ1v
eco6aua5wAo1HzP25EVKF2KEg33eIX+UHqh7BmFsbp7UEvIbYpsEblqBiFrM
mf1hrIEkleZA+KymWmYpGV1qOkKqLTRXaLZKrcRZMZaUfVSPpJtyrHFkFgUD
Vdcm5eXIBKHeAY+ee8TaL14kffg65oT1htRJQKGmLrsQsigxgRP39+0RxZcv
Ww7Otwln70m9qi9dOqmHcENCpbrVScVVIxPGqU62kHZ+rUmQhl7zLdETJI72
36/Br0ejzr9fR6v/HWFgM2n0BBMdYq5111uxHbjPgZMiv0FMGf7rDdzjwLpW
fWSg2q23djJYP1BWRHKjy0AuBE2rBwqNEjNR3tFZ163ouW4L7nUDD4YDBWIT
yQ8GPnUD69p+PTPPOHDlsMHA5xzoC3712MAX3YHSOcjybJlKk6U38JADpxXr
STckR/3WrEhbP5ESxJs6C0nErB4upS+29RWcXLsspG8BVYWjfo0RxHboB1Lm
wMLXlHtbXccQ6z9p6n1Vf2lsf2D0Q5s/GlgmJb9e2bt43vQFVjznfFc8r56/
j+fSYOiuT7FeVsVfXaDrXizoBhbGxrwv/pNe6baqJh2cE0mLgs2fZrcgbXej
Eh7uyF87u6pNwoRuVRp0FWO9Gu0wKln1iJqGgamvpV9X6gtxCdSJxtaqr5U9
USM88BFVNo+6+qIzPqLedv3nXP9QPaLqX32HtxZ4p18EdCBtKwK+ocKwrKvX
JfcPOiubLhf7+SObT8s7+MYo7hyYugqUTVyaWdM6gL6dBuik/QT2HVMa22Ks
XShOJyOp7PIskeq4bXWBRURey9RP+NBNRKMnRPjp44CCFyCSSKoS1Gs8Cx4/
WGff1VF10+gOZlaaFJbucd/DGXtuhgQk85mlcFyCcgdSFNfy6cdKQwqlP7CC
a7FNTKidm7RI+NGihmuhjA9dzQRJ3bHyaA4CCLyoSOm1dJEGu3zAccKOR0Au
OqfiVsrlqVleliZb0aoBqgSqkiSGLW5EblTdWx8l2JRQdgGUQFfdlE4Y25hO
nVtOnxC7q4E8+O8EYdHpULC7olGvB19NFqxUoQqIzlccnb6FdUFeubKldDi0
bt82qX24zd5gG84UC6mT7GatJYLMTJmiELQnO7COdm2worPkPhYAa1sPbAXG
9dZhAXYimyzFhrJHErohpdk2pn6ouDbvuwKkW61MxRYIcrO8q67a4gUoQwYP
aXrS5Z/HQiY0MQGrtP8QKojZO6ADK3VIE8KaKV1s4voXhfmeyuiSKjW1H9fh
V3rwWCleIKeUD+k8GNC5irYWELkcg42aFSUO0SzzatFyUJMI5ABrAUQkmm/m
sB+nxMzctDvpo3Z48ZbWU6WrkGmnD5l4OmCiPZ4Vg5YvOTxnAVXSaXVqeLGC
Mm+b8v1RrsOmEKOSfOnk7vw0m5XzLd98QDFYMY2SKe+7f2mOIboEPjuSZoaR
/tDQ+3rKbR2E1sgGR7PDWj62XUsgRLaJxY8b7DlWZ6XzXCYtCfhelD4Jtucs
nv4f68OTLvnPB/IdLuayZLsWgyjTTEzTYE6cf2MchtkLyyG7bQ7F8pAvpmwq
ivjlUtiUEj80rhqW88Bt97luILsmrW90R3n2fcn7fHGIFBK4CClDpYLeHLQ9
tth6LXIdzrd7PTt9yxswnd67FD91/e2aUq6v5wv9uGh6f1P2WsZy1PoYVvCk
9H8euQhMwijVoBsTn0vIC+cxTCvyzf6ii9leSD46FMDNvlxx6/15WpVsaUi8
yUhMMCTGBT4pe33/A+amR1Kub3aJeIE6GLFaWimBS8ZsB8rJZNs3l16jv2h3
f+8+sPkA+naY2kQpoCwYVi+9nGv7Wx9usXvBppqLDXJe4ANn4RV/k2FhOUeV
Lq1PcqK8iSnvjM/NmL/I2Wp10T2gZ7a9VCXOi3EJLHPc9BTO6jOuYVOBipCD
tR7ylhxbY9bt2gmpIXEhD7+LpvMQ1PhQDqJEozSDOvHLEYHXZ+eselNscYt3
icUroBPXsWaeHZ6f1d2fznw52CkHYAdVnoJL2Zjx2EO2qxW+/4A4ek7W9PIY
7NPaTYPfEBfWRoWgQ8yDqNZiJFjdXRuCO8mmyeX5pNTSpShrg8dGdUZtekF9
dmC+Cf1/BkcJCIobTNxAHvM5TKqo8c6mYumRJ2i8PpwIXWca4ayf4nntqpsS
kYskIGerNWabjmpN7XhYEbQ09MoCgb9dpUnMLwTd2qC9o4D1fv7480ckme9d
xl4ajw8Z+l2zm4GH0Vjsj8dmzl3lmO7GCOCw7mabk3vZ27g+YAvlhNynmz79
vifulmBi0oX1p0i8TxCHVVI6LMjixOvH1pm/BXVuAQJxCJW1jezlDnbq2OAk
GiIQwFIgT6V+/vTzJ4kGzbHkiU/DTgdeQuzjtmPrYPENQ8+O3x4/GHfVPbRC
chUsqEOndDlnxCwXpM7610x9x4aVZP8OkCxpjXwjUpMjFMFcrlAFymMczR6k
LA8J6zOBpt05Wbqztbp+8b1ZJ9UydmASAaVsehcw77oPNXrFlym263tQzfmw
9oldJ8MjQX93lyeCNHH3dFEfQQ2J9iePDcOxtEqYQeReokaYs47Ss9Or1xzO
ey3s11qp+9xxoDRY+AUx0Mo5grwDQusLQI8dq3eJnDLBNUyLT5K4YZq3rmIU
g7dxxKs4fTIDcZQoN863+JDxKMoLK4OciB2JY/W6YnYq2C2XFGOmMIQyoHHI
GRH0kJWdo0fObO75C0/17QPZ1p0zwNtt5eM4dhNh8NwTgq94lQoOcOXvsQiJ
tQy1dbpLmWTxhMmUuA1xw8XXCd0WAaHUSe4k0QS2BwZWOCwVTA3PCQ02fW90
5I8AlY5uY+sWbcXsvHa4UqqXgfkcCxA7Dmni/t5Rx3y21cbPH8fj8c+fnIXc
xbzVIlmlMLexuZN9ATKIaThdShiXFiyxoYoq00Dx5kJK7azW0Vef+QXuXqBc
MiqqLKtxTZ2UeZPBX0hBVcMbcUS9GMwjBLlfZqRd2Do4pT41JuIZcmevVPvL
dN2LHs0t+kDOWFIRL0sGaW0t6nDbMdCHTLtqD67btSUtoYOkGyDfkqcwbDx7
4Fs3uVS3ySVwYHB8v3pgB+I76tUmrVoXhN1BZAhI2Mj0N1tE4a4NMri2LVdz
o2jk72acx2GRc8v6+TbLKPHf+/sH18u/fOks6G/Ho/5tA9WUmNf3ZP90iCR7
vLV6QX8TXxbs3uIekpf/AlPU8DfBbpO4iIbrda6b98iLLy7V5uAOqQagvfNU
AQXrHklxLqfdA/a2ZSEaWCNAl9tplxIfOKHOg9v+XM4UvPUa+Hwu2QDlk7zd
ATJ4VUaw6VqjoCcgKvTutxOKVoWt3KmaBz0lbyTJSynI6pVcGarTkBm880b/
h1u3e3bbRljxNVuil/VTciwoTOoAqYd4CdddwKfRu0x7HDJBJiaauZs2zprd
qymII4IypQYSt9LZzaBdtzA5b3wBHzuXrQUbNO7sb35JNpUDbh+I6zZzKYnv
1iT5QvJDnVWb6y3qJ0MMEM6rlIfdrnX8L3nCg9uXcXHjYYCUa4Tc/myaeBvO
VLZKbkXp4jxP1Ov4GMl1NfPZpwJBTP4FoyZj1cdNl+4lJqDH/ptDwTsmVZ0S
JUgHsvtO0OlCbmnUr0rRUnm7mSKiHk4/A58tEGnltmyt/PfNizd9RDRAPl7o
lqjdreJduBudeysHa1/p4bb+dZ7Nk8NDBxTAkzvYdVddfFefQwtfOb6uF1+7
cMempx1F2CLc8WXKtV7E4zmC3r/7f/4dqHK5MABoIKtK1fW703fXvpi+D9pz
j/bn6/bk9g9qd3v1GFfpXPvG1ZpBtOjrLL8Gzl4zovdSxddGyJs67EiuHVp3
wNYM+MpjX988/vRa3uFtzmHXDJZ69brpZmwHq4c1h+l/UKO9NUtNdguezGPE
/lq+kRqufQmKcU/8sC+dQf/QGgW85VVdRZzMeTUYaMyXIUBE6jSKgfKO1NUA
K7vqqjBpzm7SxEwJH1yh6izUly8/PPZSNG+4/aCOo6gphxg3VtQ79c5WJnxY
RBKJ5MKfenyPvaPOlNaf3ELncYaAasCifXyVXbfKmb+oA/xsJXB8py6AqdWZ
tXy9+itSs/P6kMyki3JZVzY9STplrRXnDwiSZemPw1B/Anux/G/OAesj30cb
Uz+oV8jAEfOMEZDc7aa5+ylWPRPyno8OO2QX2sPsQIpkJCi70C4B1r1EiflW
NOUUu64mdk/T4QuSTcyFVI4X8gLHZz+219OU4wjXkVzVtHe3ZXtt/v6rl+A7
Df4bBbOIKDRAAAA=
-->
</rfc>