p≡p I-Ds (IETF Internet-Drafts)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
internet-drafts/medup-requirements/review/draft-symeonidis-medup-requ...

1008 lines
34 KiB

Network Working Group I. Symeonidis
Internet-Draft University of Luxembourg
Intended status: Standards Track B. Hoeneisen
Expires: December 26, 2019 Ucom.ch
June 24, 2019
Motivation and Requirements for Decentralized Usable Privacy
draft-symeonidis-medup-requirements-00
Abstract
[RFC8280] has identified and documented important principles in such
as Data Minimization, End-to-End and Interoperability in order to
enable access to Human Rights. While (partial) implementations of
these concepts are already available, today's applications widely
lack Privacy support that ordinary users can easily handle. This
document covers analysis of threats and requirements.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 26, 2019.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 1]
Internet-Draft MEDUP Motivation and Requirements June 2019
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
1.2. Terms . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Motivation and Background . . . . . . . . . . . . . . . . . . 3
2.1. Objectives . . . . . . . . . . . . . . . . . . . . . . . 3
2.2. Known Implementations . . . . . . . . . . . . . . . . . . 4
2.2.1. Pretty Easy Privacy (pEp) . . . . . . . . . . . . . . 4
2.2.2. Autocrypt . . . . . . . . . . . . . . . . . . . . . . 6
3. Basic Functional Requirements . . . . . . . . . . . . . . . . 6
4. Threat Analyses . . . . . . . . . . . . . . . . . . . . . . . 7
4.1. Establish Evaluation Criteria for: . . . . . . . . . . . 7
4.2. Focus Areas (Design Challenges): . . . . . . . . . . . . 7
5. System Model . . . . . . . . . . . . . . . . . . . . . . . . 7
5.1. Entities . . . . . . . . . . . . . . . . . . . . . . . . 7
6. Problem Areas . . . . . . . . . . . . . . . . . . . . . . . . 7
6.1. Security Threats and Requirements . . . . . . . . . . . . 7
6.1.1. Spoofing and Entity Authentication . . . . . . . . . 7
6.1.2. Information Disclosure and Confidentiality . . . . . 8
6.1.3. Tampering With Data and Data Authentication . . . . . 8
6.1.4. Repudiation and Accountability (Non-Repudiation) . . 9
6.2. Privacy Threats and Requirements . . . . . . . . . . . . 9
6.2.1. Identifiability - Anonymity . . . . . . . . . . . . . 9
6.2.2. Linkability - Unlinkability . . . . . . . . . . . . . 9
6.2.3. Detectability and observatility - Unditectability . . 10
6.3. Information disclosure - confidentiality . . . . . . . . 10
6.4. Non-repudiation and deniability . . . . . . . . . . . . . 10
7. Specific Security and Privacy Requirements . . . . . . . . . 11
7.1. Messages Exchange . . . . . . . . . . . . . . . . . . . . 11
7.1.1. Send Message . . . . . . . . . . . . . . . . . . . . 11
7.1.2. Receive Message . . . . . . . . . . . . . . . . . . . 11
7.2. Trust Management . . . . . . . . . . . . . . . . . . . . 11
7.3. Key Management . . . . . . . . . . . . . . . . . . . . . 11
7.4. Synchronization Management . . . . . . . . . . . . . . . 12
7.5. Identity Management . . . . . . . . . . . . . . . . . . . 12
7.6. User Interface . . . . . . . . . . . . . . . . . . . . . 12
8. Subcases . . . . . . . . . . . . . . . . . . . . . . . . . . 13
8.1. Interaction States . . . . . . . . . . . . . . . . . . . 13
8.2. Subcases for Sending Messages . . . . . . . . . . . . . . 14
8.3. Subcases for Receiving Messages . . . . . . . . . . . . . 14
9. Security Considerations . . . . . . . . . . . . . . . . . . . 15
10. Privacy Considerations . . . . . . . . . . . . . . . . . . . 15
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 15
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 2]
Internet-Draft MEDUP Motivation and Requirements June 2019
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 15
13.1. Normative References . . . . . . . . . . . . . . . . . . 15
13.2. Informative References . . . . . . . . . . . . . . . . . 16
Appendix A. Document Changelog . . . . . . . . . . . . . . . . . 17
Appendix B. Open Issues . . . . . . . . . . . . . . . . . . . . 17
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17
1. Introduction
[RFC8280] has identified and documented important principles in such
as Data Minimization, End-to-End and Interoperability in order to
enable access to Human Rights. While (partial) implementations of
these concepts are already available, today's applications widely
lack Privacy support that ordinary users can easily handle.
In MEDUP these issues are addressed based on Opportunistic Security
[RFC7435] principles.
This document covers analysis of threats and requirements.
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
1.2. Terms
The following terms are defined for the scope of this document:
o Trustwords: A scalar-to-word representation of 16-bit numbers (0
to 65535) to natural language words. When doing a Handshake,
peers are shown combined Trustwords of both public keys involved
to ease the comparison. [I-D.birk-pep-trustwords]
o Trust on First Use (TOFU): cf. [RFC7435]
o Man-in-the-middle attack (MITM): cf. [RFC4949]
2. Motivation and Background
2.1. Objectives
o An open standard for secure messaging requirements
o Unified evaluation framework: unified goals and threat models
o Common pitfalls
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 3]
Internet-Draft MEDUP Motivation and Requirements June 2019
o Future directions on requirements and technologies
o Misleading products on the wild (EFF secure messaging scorecard)
2.2. Known Implementations
2.2.1. Pretty Easy Privacy (pEp)
To achieve privacy of exchanged messages in an opportunistic way
[RFC7435], the following model (simplified) is proposed by pEp
(pretty Easy Privacy) [I-D.birk-pep]:
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 4]
Internet-Draft MEDUP Motivation and Requirements June 2019
----- -----
| A | | B |
----- -----
| |
+------------------------+ +------------------------+
| auto-generate key pair | | auto-generate key pair |
| (if no key yet) | | (if no key yet) |
+------------------------+ +------------------------+
| |
+-----------------------+ +-----------------------+
| Privacy Status for B: | | Privacy Status for A: |
| *Unencrypted* | | *Unencrypted* |
+-----------------------+ +-----------------------+
| |
| A sends message to B (Public Key |
| attached) / optionally signed, but |
| NOT ENCRYPTED |
+------------------------------------------>|
| |
| +-----------------------+
| | Privacy Status for A: |
| | *Encrypted* |
| +-----------------------+
| |
| B sends message to A (Public Key |
| attached) / signed and ENCRYPTED |
|<------------------------------------------+
| |
+-----------------------+ |
| Privacy Status for B: | |
| *Encrypted* | |
+-----------------------+ |
| |
| A and B sucessfully compare their |
| Trustwords over an alternative channel |
| (e.g., phone line) |
|<-- -- -- -- -- -- -- -- -- -- -- -- -- -->|
| |
+-----------------------+ +-----------------------+
| Privacy Status for B: | | Privacy Status for A: |
| *Trusted* | | *Trusted* |
+-----------------------+ +-----------------------+
| |
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 5]
Internet-Draft MEDUP Motivation and Requirements June 2019
pEp is supposed to solve three problems :
o Key management
o Trust management
o Identity management
pEp is supposed to provide Privacy by Default at least for message
content. In addition, pEp is providing meta data protection. pEp is
meant to be used in already existing messaging solutions.
And pEp is supposed to provide technical data protection by
implementing mix network capabilities.
Additionally, there are use cases for enterprise environments, where
e.g. some instance at the enterprise may need to look into the
messages. Reasons for this include compliance requirements or virus
/ malware checking
[[ TODO: Decide whether enterprise requirements will be covered
herein ]]
2.2.2. Autocrypt
The Autocrypt approach is also a known project following the above
mentioned principles, though - compared to pEp (cf. Section 2.2.1) -
the goals slightly differ, for example regarding support of legacy
PGP [RFC4880] implementations.
More information on Autocypt can be found on: https://autocrypt.org/
background.html
[[ TODO: Input from autocrypt group ]]
3. Basic Functional Requirements
This section outlines the functional requirements. We follow the
requirements extracted from the literature on private emails and
instant messaging [Unger].
o Message: send and receive message(s)
o Multi-device support: synchronisation across multiple devices
o Group messaging: communication of more than 2 users
[[ TODO: Add more text on Group Messaging requirements. ]]
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 6]
Internet-Draft MEDUP Motivation and Requirements June 2019
4. Threat Analyses
This section describes a set of possible threats. Note that not all
threats can be addressed, due to conflicting requirements.
4.1. Establish Evaluation Criteria for:
o Security and privacy requirements
o Usability (little work on usability and trust establishment)
o Adoption implications
4.2. Focus Areas (Design Challenges):
o Trust establishment: some human interaction
o Conversation security: no human interaction
o Transport privacy: no human interaction
5. System Model
5.1. Entities
o Users: Sender and receiver(s)
There are the communicating parties such as the sender and
receiver of messages.
o Messaging operators and network nodes
Are the servers and network nodes who are responsible for message
delivery and synchronization.
o Third parties
It is any other entity who is interacting with the system.
6. Problem Areas
6.1. Security Threats and Requirements
6.1.1. Spoofing and Entity Authentication
An adversary can spoof and impersonate a profile of a user. It may
attempt to send or receive a message on behalf of a legitimate user.
An adversary can be a user of the system gaining access as an
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 7]
Internet-Draft MEDUP Motivation and Requirements June 2019
imposter sending or receiving a message. For example, an adversary
can impersonate a valid sender of a message and send it on their
behalf. The capabilities of an adversary are usually local
controlling one entity or a set of entities, in the sense that each
spoofed identity will be used to communicate with different end
users. To mitigate spoofing threats is essential to have entity
authentication mechanisms safeguarding that a user is the legitimate
owner of a messaging service account. For example, it can prove that
he/she knows something such as passwords, posses something such as
public key and have specific features such as biometrics.
6.1.2. Information Disclosure and Confidentiality
An adversary aims to retrieve and disclose information about the
content of a message. It can attempt to perform a man-in-the-middle
attack (MitM) eavesdropping and forwarding messages as an
intermediary between the communicating users. For example, an
adversary can try to position itself between two communicating
parties such as the messaging server and remain undetectable
collecting information transmitted to the intended users. The
capabilities of an adversary can be from local controlling one point
of the communication channel such as an entity or a communication
link of the network. It can also be a global adversary controlling
several entities and communication links of the channel, gaining the
capability of correlating traffic such as in timing attacks even for
end-to-end communication systems [Tor]. Therefore, confidentiality
of messages exchanged in the system should be guaranteed with the use
of encryption schemes such as symmetric, asymmetric, or homomorphic
encryption.
6.1.3. Tampering With Data and Data Authentication
An adversary can tamper with the messages aiming to modify the
information stored or exchanged between the communication entities in
the system. For instance, an adversary may attempt to alter an email
or an instant message by changing the content of them. It can be
anyone but the users who are communicating such as the message
operators, the network node, and third parties. The capabilities of
an adversary can be local controlling an entity that can alter
messages usually performing MitM attack for an encrypted channel.
Therefore, no honest party should accept a message that was modified
in transit. Data authentication of messages needs to be guaranteed
such as with the use of MAC algorithms and digital signatures.
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 8]
Internet-Draft MEDUP Motivation and Requirements June 2019
6.1.4. Repudiation and Accountability (Non-Repudiation)
An adversary can repudiate an email sent or received by providing
falsified information about the status of the message to users of the
system. For instance, an adversary may attempt to state inaccurate
information about an action performed such as about sending or
receiving an email. An adversary can be anyone who is involved in
communicating such as the users of the system, the message operators,
and the network nodes. To mitigate repudiation threats,
accountability and non-repudiation of actions performed must be
guaranteed. Non-repudiation of action can be of origin, submission,
delivery, and receipt providing proof of actions performed to the
intended recipient. It can be achieved with the use of cryptographic
schemes such as digital signatures and audit trails such as
timestamps.
6.2. Privacy Threats and Requirements
6.2.1. Identifiability - Anonymity
An adversary can identify a specific user associated with an Items of
Interest (IOI), i.e., an ID of a subject, a message sent, and an
action performed. Identifiability is the state under which a
specific user can be identified from a set of users defined as the
identifiability set. For instance, it may identify the sender of a
message by examining the headers of an email exchanged within a
system. An adversary can be anyone but the users who are
communicating such as the message operators, the network node or
third parties. To mitigate identifiability threats, the anonymity of
users must be guaranteed. It is defined as the "Anonymity of a
subject from an attacker's perspective means that the attacker cannot
sufficiently identify the subject within a set of subjects, the
anonymity set" [Pfitzmann]. Essentially, to enable anonymity, there
is always need to be a set of possible subjects such that for an
adversary the communicating user can be equally likely of any other
user in the set [Diaz]. Thus, an adversary cannot deduce who is the
originator of a message. Anonymity can be achieved with the use of
pseudonyms and cryptographic schemes such as anonymous remailers
(i.e., mixnets), anonymous communications channels (e.g., Tor), and
secret sharing.
6.2.2. Linkability - Unlinkability
An adversary can sufficiently distinguish within the system, whether
two or more Items of Interest (IOI) such as subjects, objects,
messages, and actions are linked to the same user. For instance, an
adversary can relate pseudonyms from messages exchanged and deduce
whether it is the same user who sent the messages. It can be anyone
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 9]
Internet-Draft MEDUP Motivation and Requirements June 2019
but the users who are communicating such as the message operators,
the network node, or third parties. Therefore, unlinkability of IOIs
should be guaranteed with the use of pseudonyms and cryptographic
schemes such as anonymous credentials.
6.2.3. Detectability and observatility - Unditectability
An adversary can sufficiently detect an IOI such as messages
exchanged within the system from random noise. For instance, an
adversary can detect a specific IOI when a user is sending a message
from a set of communicating users. An adversary can be anyone but
the users who are communicating such as the message operators, the
network node or third parties. In contrast to anonymity and
unlinkability, where the relationship from an IOI to a user is
preserved, undetectability is defined as "Undetectability of an item
of interest (IOI) from an attacker's perspective means that the
attacker cannot sufficiently distinguish whether it exists or not."
[Pfitzmann]. Undetectability of IOIs can be guaranteed with the use
of cryptographic schemes such as Mix-nets and obfuscation mechanisms
such as dummy traffic.
6.3. Information disclosure - confidentiality
An adversary can disclose information exchanged within the system
about users. It can perform a MitM aiming to learn the contents of a
message the metadata information such as with whom someone is
communicating with and with which frequency. It can be anyone but
the users who are communicating such as the messaging server, and the
network nodes. The capabilities of an adversary can be local
controlling one entity or channel of the network to a global
adversary which can control several entities and communication links.
Confidentiality of messages, together with security, needs to be
guaranteed with the use of cryptographic operations such as secret
sharing, symmetric, asymmetric, or homomorphic encryption.
6.4. Non-repudiation and deniability
In contrast to security, non-repudiation can be a threat to a user's
privacy for messaging systems. An adversary may attempt to collect
evidence exchanged in the system aiming to prove to others that a
specific user is the originator of a specific message. That can be
problematic for users as whistle-blowers in countries where
censorship is a daily routine and to countries where human life can
be at stake. Therefore plausible deniability, unlike non-
repudiation, must be guaranteed where the system guarantees that an
adversary cannot confirm either contradict that a specific user has
sent a message. Deniability can be guaranteed with the use of
cryptographic schemes such as off-the-record messages.
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 10]
Internet-Draft MEDUP Motivation and Requirements June 2019
7. Specific Security and Privacy Requirements
7.1. Messages Exchange
7.1.1. Send Message
o Send encrypted and signed message to another peer
o Send unencrypted and unsigned message to another peer
Note: Subcases of sending messages are outlined in Section 8.2.
7.1.2. Receive Message
o Receive encrypted and signed message from another peer
o Receive encrypted, but not signed message from another peer
o Receive signed, but not encrypted message from another peer
o Receive unencrypted and unsigned message from another peer
Note: Subcases of receiving messages are outlined in Section 8.3.
7.2. Trust Management
o Trust rating of a peer is updated (locally) when:
* Public Key is received the first time
* Trustwords have been compared successfully and confirmed by
user (see above)
* Trust of a peer is revoked (cf. Section 7.3, Key Reset)
o Trust of a public key is synchronized among different devices of
the same user
Note: Synchronization management (such as establish or revoke
trust) among a user's own devices is described in Section 7.4
7.3. Key Management
o New Key pair is generated automatically (if none found) at startup
o Public Key is sent to peer by attaching it to messages
o Public Key received by a peer is stored locally
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 11]
Internet-Draft MEDUP Motivation and Requirements June 2019
o Key pair is declared invalid and other peers are informed (Key
Reset)
o Public Key is marked invalid after receiving a key reset message
o Public Keys are are of peers are synchronized among different
devices of the same user
o Private Key is synchronized among different devices of the same
user
Note: Synchronization management (such as establish or revoke
trust) among a user's own devices is described in Section 7.4
7.4. Synchronization Management
A device group is a group of devices of the same user that share the
same key pairs in order to synchronize data among them. In a device
group devices of the same user mutually grant authentication.
o Form a device group of two (yet ungrouped) devices of the same
user
o Join another device of the same user to existing device group
o Leave device group
o Remove other device from device group
7.5. Identity Management
o All involved parties share the same identity system
7.6. User Interface
o Need for user interaction is kept to the minimum necessary
o The privacy status of a peer is presented to the user by a color
rating
o The privacy status of a message is presented to the user by a
color rating
o The color rating is defined by a traffic-light semantics
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 12]
Internet-Draft MEDUP Motivation and Requirements June 2019
8. Subcases
8.1. Interaction States
The basic model consists of three different interaction states, i.e.:
1. Both peers have got no public key of each other, no trust
possible
2. Only one peer has got the public key of the other peer, but no
trust
3. Only one peer has got the public key of the other peer and trusts
that public key
4. Both peers have got the public key of each other, but no trust
5. Both peers have got the public key of each other, but only one
peer trusts the other peer's public key
6. Both peers have got the public key of each other and both peers
trust each others public key
The following table shows the different interaction states possible:
+-------+-----------------+-------------------+---------+-----------+
| state | Peer's Public | My Public Key | Peer | Peer |
| | Key available | available to Peer | Trusted | trusts me |
+-------+-----------------+-------------------+---------+-----------+
| 1. | no | no | N/A | N/A |
| | | | | |
| 2a. | no | yes | N/A | no |
| | | | | |
| 2b. | yes | no | no | N/A |
| | | | | |
| 3a. | no | yes | N/A | yes |
| | | | | |
| 3b. | yes | no | yes | N/A |
| | | | | |
| 4. | yes | yes | no | no |
| | | | | |
| 5a. | yes | yes | no | yes |
| | | | | |
| 5b. | yes | yes | yes | no |
| | | | | |
| 6. | yes | yes | yes | yes |
+-------+-----------------+-------------------+---------+-----------+
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 13]
Internet-Draft MEDUP Motivation and Requirements June 2019
In the simplified model, only interaction states 1, 2, 4 and 6 are
depicted. States 3 and 5 may result from e.g. key mistrust or
abnormal user behavior.
Note: As one peer may have several keys or if group conversations are
involved, things will get more complex. For the time being, we focus
on bilateral interactions, whereas group interactions are split up
into several bilateral interactions.
8.2. Subcases for Sending Messages
o If peer's Public Key not available (Interaction States 1, 2a, and
3a)
* Send message Unencrypted (and not Signed)
o If peer's Public Key available (Interaction States 2b, 3b, 4, 5a,
5b, 6)
* Send message Encrypted and Signed
8.3. Subcases for Receiving Messages
o If peer's Public Key not available (Interaction States 1, 2a, and
3a)
* If message is signed
+ ignore signature
* If message is encrypted
+ decrypt with caution
* If message not encrypted
+ No further processing regarding encryption
o If peer's Public Key available or can be retrieved from received
message (Interaction States 2b, 3b, 4, 5a, 5b, 6)
* If message is signed
+ verify signature
+ If message is encrypted
- Decrypt
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 14]
Internet-Draft MEDUP Motivation and Requirements June 2019
+ If message not encrypted
- No further processing regarding encryption
* If message not signed
+ If message is encrypted
- exception
+ If message not encrypted
- No further processing regarding encryption
9. Security Considerations
Relevant security considerations are outlined in Section 6.1.
10. Privacy Considerations
Relevant privacy considerations are outlined in Section 6.2.
11. IANA Considerations
This document requests no action from IANA.
[[ RFC Editor: This section may be removed before publication. ]]
12. Acknowledgements
The authors would like to thank the following people who have
provided feedback or significant contributions to the development of
this document: Volker Birk [[ TODO: Forename Surname, Forename2
Surname2, ...]]
lorem ipsum
13. References
13.1. Normative References
[Diaz] Diaz, C., Seys, St., Claessens, J., and B. Preneel,
"Towards Measuring Anonymity", PET Privacy Enhancing
Technologies, Second International Workshop, San
Francisco, CA, USA, April 14-15, 2002, Revised Papers, pp.
54-68, 2002.
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 15]
Internet-Draft MEDUP Motivation and Requirements June 2019
[Pfitzmann]
Pfitzmann, A. and M. Hansen, "A terminology for talking
about privacy by data minimization: Anonymity,
unlinkability, undetectability, unobservability,
pseudonymity, and identity management", 2010,
<https://nyuscholars.nyu.edu/en/publications/
sok-secure-messaging>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2",
FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,
<https://www.rfc-editor.org/info/rfc4949>.
[RFC7435] Dukhovni, V., "Opportunistic Security: Some Protection
Most of the Time", RFC 7435, DOI 10.17487/RFC7435,
December 2014, <https://www.rfc-editor.org/info/rfc7435>.
[Tor] Project, T., "One cell is enough to break Tor's
anonymity", June 2019, <https://blog.torproject.org/
one-cell-enough-break-tors-anonymity/>.
[Unger] Unger, N., Dechand, S., Bonneau, J., Fahl, S., Perl, H.,
Goldberg, I., and M. Smith, "SoK: Secure Messaging",
IEEE Proceedings - 2015 IEEE Symposium on Security and
Privacy, SP 2015, pages 232-249, July 2015,
<https://nyuscholars.nyu.edu/en/publications/
sok-secure-messaging>.
13.2. Informative References
[I-D.birk-pep]
Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp):
Privacy by Default", draft-birk-pep-03 (work in progress),
March 2019.
[I-D.birk-pep-trustwords]
Birk, V., Marques, H., and B. Hoeneisen, "IANA
Registration of Trustword Lists: Guide, Template and IANA
Considerations", draft-birk-pep-trustwords-03 (work in
progress), March 2019.
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 16]
Internet-Draft MEDUP Motivation and Requirements June 2019
[RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R.
Thayer, "OpenPGP Message Format", RFC 4880,
DOI 10.17487/RFC4880, November 2007,
<https://www.rfc-editor.org/info/rfc4880>.
[RFC8280] ten Oever, N. and C. Cath, "Research into Human Rights
Protocol Considerations", RFC 8280, DOI 10.17487/RFC8280,
October 2017, <https://www.rfc-editor.org/info/rfc8280>.
Appendix A. Document Changelog
[[ RFC Editor: This section is to be removed before publication ]]
o draft-symeonidis-medup-requirements-00:
* Initial version
Appendix B. Open Issues
[[ RFC Editor: This section should be empty and is to be removed
before publication ]]
o Add references to used materials (in particular threat analyses
part)
o Get content from Autocrypt (Section 2.2.2)
o Add more text on Group Messaging requirements
o Decide on whether or not "enterprise requirement" will go to this
document
Authors' Addresses
Iraklis Symeonidis
University of Luxembourg
29, avenue JF Kennedy
L-1855 Luxembourg
Luxembourg
Email: iraklis.symeonidis@uni.lu
URI: https://wwwen.uni.lu/snt/people/iraklis_symeonidis
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 17]
Internet-Draft MEDUP Motivation and Requirements June 2019
Bernie Hoeneisen
Ucom Standards Track Solutions GmbH
CH-8046 Zuerich
Switzerland
Phone: +41 44 500 52 44
Email: bernie@ietf.hoeneisen.ch (bernhard.hoeneisen AT ucom.ch)
URI: https://ucom.ch/
Symeonidis & Hoeneisen Expires December 26, 2019 [Page 18]