From amelia.andersdotter at europarl.europa.eu Mon Jul 1 00:49:08 2013 From: amelia.andersdotter at europarl.europa.eu (ANDERSDOTTER Amelia) Date: Sun, 30 Jun 2013 22:49:08 +0000 Subject: [cooperation-wg] =?utf-8?q?Redirec=C8=9Bionat=3A_new_draft_CAs_Re?= =?utf-8?q?direc=C8=9Bionat=3A_ITRE_draft_report_on_eIDAS_-__invitation_to?= =?utf-8?q?_the_3rd_shadows=27_meeting__on_Tuesday=2C_2_July_2013_in_Stras?= =?utf-8?q?bourg_at_9h00-10h00_=28meeting_room_S4=2E5_-_Louise_Weiss=29?= In-Reply-To: References: <28FE816B96D80F408D7A7A9AD1BF737B149565F1@UCEXLWP009.ep.parl.union.eu>, Message-ID: <28FE816B96D80F408D7A7A9AD1BF737B14956A39@UCEXLWP009.ep.parl.union.eu> Dear all, I was given the advice to send this e-mail to the cooperation group of RIPE. I know that you have had concerns with the system proposed by the European Commission for trust service providers in it's eIDAS regulation, and that you held a special hearing on this topic on Thursday May 17th (https://ripe66.ripe.net/archives/steno/21/). I have also understood that you were largely unsatisfied with the Commission's insurances. The issue in the European Parliament is as follows: You can find the complete set of amendments on the regulation as proposed by the industry committee here: http://www.europarl.europa.eu/committees/en/itre/draft-reports.html?linkedDocument=true&ufolderComCode=&ufolderLegId=&ufolderId=&urefProcYear=2012&urefProcNum=0146&urefProcCode=COD#menuzone You can also find a systematic of the amendments that I personally tabled here: http://ameliaandersdotter.eu/dossiers/eid And so you may notice that many of the amendments actually go sort of the right direction. Now we are in "compromise proceedings". This means that representatives from the various political groups (I represent the Greens/EFA) meet to discuss how to politically proceed with the file. On the topic of QTSPs I have proposed deleting all mentioning of qualified X in favour of a model that promotes transparency (responsible vulnerability disclosure, audit reports, transparent instruction sets from supervisory bodies, etc). Basically a self-regulatory model where, if something goes wrong, the idea is that it is known and can be fixed. However, qualified X and advanced X are legacies from the e-signatures directive in 1999. The Commission has not proposed to remedy this system even though it has turned out not to work in any member state and mostly not been conducive to any particular development. I have argued with my colleagues that security-by-transparency is much more supported and promoted in the community that actually develops secure solutions for whatever, and that security-by-policy is a legacy system which has proven mostly to fail. Further it means unnecessary red-tape with no benefit, as well as a risk of lock-in for crucial society functions. Unfortunately, member in the European Parliament have been given a very poor base of making decisions on this issue from the European Commission, and now we need for the Conservative group (EPP) to either agree or not that red-tape and lock-in are bad things, with little additional value for society, or not. If not, it may well be that a grand coalition of S&D and EPP keeps all the qualified stuff in, thereby destroying, I fear, many of the functioning self-regulatory models already in existance. I am not really able to carry this argument on my own though - the problem for me is that I am up against a 13 year old legislation (e-sig directive 1999) that the Commission in its wisdom has chosen not to change much, other than making it into a regulation, despite having investigated it for a long time. It would be very helpful if RIPE were to support my case before, say, Tuesday July 2nd so that we can have the EPP not flat out reject my approach of not creating stupid paper work for no good reason. Should anyone have any specific questions about my proposed transparency requirements they are free to contact me at any time, you can also check the above provided links. best regards, Amelia Piratpartiet ________________________________________ De la: Patrik F?ltstr?m [paf at frobbit.se] Trimis: 29 iunie 2013 16:21 C?tre: ANDERSDOTTER Amelia Cc: maria at sunet.se; gordon.lennox at gmail.com; fredrik at kirei.se; athina.fragkouli at ripe.net; leifj at sunet.se Subiect: Re: new draft CAs Redirec?ionat: ITRE draft report on eIDAS - invitation to the 3rd shadows' meeting on Tuesday, 2 July 2013 in Strasbourg at 9h00-10h00 (meeting room S4.5 - Louise Weiss) Amelia, I think you directly could send mail to cooperation wg of RIPE... ;-) As well as other activities. Patrik On 29 jun 2013, at 14:45, ANDERSDOTTER Amelia wrote: > dear all, > > in thse compromise amendments we could have had responsible vulnerability disclosure and a removal of the qualified stuff that i believe many of you are in agreement with me should not be there. > > however, the EPP needs to be convinced that red tape is not good. > > if the EpP could be convinced of this then the S&D will cave. > > however, at present we are lacking lobbies that are backing me up in these claism, and so we are likely to go for security-by-policy rather than security-by-transparency. and then we will also have trustmarks in article 18a(new) since ITRE will not over-ride IMCO unless ITRE chooses a different approach from IMCO whcih we do not if we go for security-by-policy and trustmarks. > > and so, i in no way wish to stress you unduly in your important activities, but i anyway have done so now, because the compromises are important. > > /a > > ________________________________________ > De la: KAARTINEN Elina > Trimis: 28 iunie 2013 17:10 > C?tre: KAARTINEN Elina; ULVSKOG Marita; DEL CASTILLO Pilar; CREUTZMANN J?rgen; ANDERSDOTTER Amelia; KARIM Sajjad > Cc: ULVSKOG Marita OFFICE; DEL CASTILLO Pilar OFFICE; CREUTZMANN J?rgen OFFICE; ANDERSDOTTER Amelia OFFICE; STROMGREN Kristoffer; GARCIA JONES Miguel Jos?; SANCHEZ MUNOZ Carmen; GISSLER Constantin; HUFNAGEL Sebastian; BENCZE Julien; YU Wan Tung Perlie; BAIER Klaus; ALEXANIAN Patrick; BALAZ Zlatko; BALLOT-DU FAYET DE LA TOUR Heloise; BRACHOWICZ Maciej Jan; BURSI Camilla; CHALENCON Delphine; DELGINIESSE Christine; FRISOVA Jolana; GIL DE MURO ARENAS Jose Antonio; GOLDSMITH Gareth Jon; GOUNAUD Pauline; GULBE Ance; JANKEVICIUS Edmundas; JOSE Michael John; KROPAITE Egle; LEBERLE Heike; LEVOYANNIS Constantine; LINNEMANN Tobias; MASSEI Manlio; MERGULHAO Teresa; MONTANO Elisabetta; MURRAY Grace; PETRE Nicholas; POLES Christopher; QUERTON Isabelle; RAQUET Michel; RAYM Maxim; REIJNEN Jeroen; RUDOLF Michael; SALAGNAC Catherine; SANTAMARIA Veronica; SERVELLON Sergio; SOEIRO Renato; SOUSA DE JESUS Alfredo; TELEJKO Bartlomiej; TOENNIS Melanie; TOTH Edina; VANDEWALLE Laurence; WYLIE Daniel; ZIOBRO Witold Wladyslaw; ANDERSDOTTER Amelia OFFICE2; KARIM Sajjad OFFICE; ERSHAD Sakib > Subiect: ITRE draft report on eIDAS - invitation to the 3rd shadows' meeting on Tuesday, 2 July 2013 in Strasbourg at 9h00-10h00 (meeting room S4.5 - Louise Weiss) > > Dear Members, > dear colleagues, > > the rapporteur Ms Ulvskog would like to invite you to a shadows' meeting that will take place on Tuesday, 2 July 2013 in Strasbourg at 9h00-10h00 (meeting room S4.5 - Louise Weiss). > > Please, find enclosed the revised CA proposal for the e-ID part. Furthermore the rapporteur would like to support the idea of the replacement of the word identification with the word authentication in articles 3(2) and 3(3) and all other articles which do not obviously relate to the definition of "electronic identification". The CA text to this effect will be proposed by the rapporteur later. > > Please, find attached also the very first draft CAs concerning the trust services part. These CAs are still very preliminary and still subject to changes. The rapporteur would like to however already discuss these proposals with you next week. Further CAs will follow on the trust services part to cover all related articles. > > The scope of the shadows' meeting would be: > - to reach a political agreement on the first set of CAs (e-ID part of Regulation) > - discuss further the enclosed CAs on the trust services and define the framework for the remaining part of the Regulation > > Kind regards, > Elina > > Elina Kaartinen > Administrator > European Parliament > Committee on Industry, Research and Energy (ITRE) - Secretariat > Rue Wiertz 60 > B-1047 Brussels > Office (BRU): ATR 00 K 065 > Tel (BRU): +32 2 283 2388 > Email: elina.kaartinen at europarl.europa.eu > > http://www.europarl.europa.eu > > > > ________________________________ > From: KAARTINEN Elina > Sent: 18 June 2013 12:05 > To: KAARTINEN Elina; ULVSKOG Marita; DEL CASTILLO Pilar; CREUTZMANN J?rgen; ANDERSDOTTER Amelia; KARIM Sajjad > Cc: ULVSKOG Marita OFFICE; DEL CASTILLO Pilar OFFICE; CREUTZMANN J?rgen OFFICE; ANDERSDOTTER Amelia OFFICE; STROMGREN Kristoffer; GARCIA JONES Miguel Jos?; SANCHEZ MUNOZ Carmen; GISSLER Constantin; HUFNAGEL Sebastian; BENCZE Julien; YU Wan Tung Perlie; BAIER Klaus; ALEXANIAN Patrick; BALAZ Zlatko; BALLOT-DU FAYET DE LA TOUR Heloise; BRACHOWICZ Maciej Jan; BURSI Camilla; CHALENCON Delphine; DELGINIESSE Christine; FRISOVA Jolana; GIL DE MURO ARENAS Jose Antonio; GOLDSMITH Gareth Jon; GOUNAUD Pauline; GULBE Ance; JANKEVICIUS Edmundas; JOSE Michael John; KROPAITE Egle; LEBERLE Heike; LEVOYANNIS Constantine; LINNEMANN Tobias; MASSEI Manlio; MERGULHAO Teresa; MONTANO Elisabetta; MURRAY Grace; PETRE Nicholas; POLES Christopher; QUERTON Isabelle; RAQUET Michel; RAYM Maxim; REIJNEN Jeroen; 'RUDOLF Michael'; SALAGNAC Catherine; SANTAMARIA Veronica; SERVELLON Sergio; SOEIRO Renato; SOUSA DE JESUS Alfredo; TELEJKO Bartlomiej; TOENNIS Melanie; TOTH Edina; VANDEWALLE Laurence; WYLIE Daniel; ZIOBRO Witold Wladyslaw; ANDERSDOTTER Amelia OFFICE2; KARIM Sajjad OFFICE; ERSHAD Sakib > Subject: ITRE draft report on eIDAS - invitation to the 2nd shadows' meeting in Brussels on Tuesday, 25 June 2013 at 15h30-16h30 > Importance: High > > Dear Members, > dear colleagues, > > the rapporteur Ms Ulvskog would like to invite you to a shadows' meeting that will take place in in Brussels on Tuesday, 25 June 2013 at 15h30-16h30. The meeting will concentrate on the trust services part of the eIDAS Regulation. > > As discussed in Strasbourg last week, there will be also a third shadows' meeting before the summer break. It is planned for Tuesday, 2 July 2013 in Strasbourg at 9h00-10h00 (meeting room S4.5 - Louise Weiss). Could you kindly take already also note on this meeting and put it in your calendar. > > In the meanwhile and as agreed the draft compromises (e-ID part) will be circulated by email. > > Kind regards, > Elina > > > ________________________________ > From: KAARTINEN Elina > Sent: 10 June 2013 15:19 > To: KAARTINEN Elina; ULVSKOG Marita; DEL CASTILLO Pilar; CREUTZMANN J?rgen; ANDERSDOTTER Amelia; KARIM Sajjad > Cc: ULVSKOG Marita OFFICE; DEL CASTILLO Pilar OFFICE; CREUTZMANN J?rgen OFFICE; ANDERSDOTTER Amelia OFFICE; STROMGREN Kristoffer; GARCIA JONES Miguel Jos?; SANCHEZ MUNOZ Carmen; GISSLER Constantin; HUFNAGEL Sebastian; BENCZE Julien; YU Wan Tung Perlie; BAIER Klaus; ALEXANIAN Patrick; BALAZ Zlatko; BALLOT-DU FAYET DE LA TOUR Heloise; BRACHOWICZ Maciej Jan; BURSI Camilla; CHALENCON Delphine; DELGINIESSE Christine; FRISOVA Jolana; GIL DE MURO ARENAS Jose Antonio; GOLDSMITH Gareth Jon; GOUNAUD Pauline; GULBE Ance; JANKEVICIUS Edmundas; JOSE Michael John; KROPAITE Egle; LEBERLE Heike; LEVOYANNIS Constantine; LINNEMANN Tobias; MASSEI Manlio; MERGULHAO Teresa; MONTANO Elisabetta; MURRAY Grace; PETRE Nicholas; POLES Christopher; QUERTON Isabelle; RAQUET Michel; RAYM Maxim; REIJNEN Jeroen; 'RUDOLF Michael'; SALAGNAC Catherine; SANTAMARIA Veronica; SERVELLON Sergio; SOEIRO Renato; SOUSA DE JESUS Alfredo; TELEJKO Bartlomiej; TOENNIS Melanie; TOTH Edina; VANDEWALLE Laurence; WYLIE Daniel; ZIOBRO Witold Wladyslaw; ANDERSDOTTER Amelia OFFICE2; KARIM Sajjad OFFICE; ERSHAD Sakib > Subject: REMINDER - ITRE draft report on eIDAS - shadows' meeting in Strasbourg on 12 June 2013 at 9h00-10h30 meeting room M04096 (Winston Churchill) + AMs now available in all languages > Importance: High > > Dear Members, > dear colleagues, > Further to the shadows' meeting on Wednesday, 12 June at 9h00-10h30 (meeting room M04096/Winston Churchill), the amendments translated in all languages can be found from here: > > http://www.itrenet.ep.parl.union.eu/itrenet/cms/cache/offonce/welcome/work_in_progress/draft_reports?report.offset=10 > > Kind regards, > Elina > > ________________________________ > From: KAARTINEN Elina > Sent: 29 May 2013 09:35 > To: ULVSKOG Marita; DEL CASTILLO Pilar; CREUTZMANN J?rgen; ANDERSDOTTER Amelia; KARIM Sajjad > Cc: ULVSKOG Marita OFFICE; DEL CASTILLO Pilar OFFICE; CREUTZMANN J?rgen OFFICE; ANDERSDOTTER Amelia OFFICE; STROMGREN Kristoffer; GARCIA JONES Miguel Jos?; SANCHEZ MUNOZ Carmen; GISSLER Constantin; HUFNAGEL Sebastian; BENCZE Julien; YU Wan Tung Perlie; BAIER Klaus; ALEXANIAN Patrick; BALAZ Zlatko; BALLOT-DU FAYET DE LA TOUR Heloise; BRACHOWICZ Maciej Jan; BURSI Camilla; CHALENCON Delphine; DELGINIESSE Christine; FRISOVA Jolana; GIL DE MURO ARENAS Jose Antonio; GOLDSMITH Gareth Jon; GOUNAUD Pauline; GULBE Ance; JANKEVICIUS Edmundas; JOSE Michael John; KROPAITE Egle; LEBERLE Heike; LEVOYANNIS Constantine; LINNEMANN Tobias; MASSEI Manlio; MERGULHAO Teresa; MONTANO Elisabetta; MURRAY Grace; PETRE Nicholas; POLES Christopher; QUERTON Isabelle; RAQUET Michel; RAYM Maxim; REIJNEN Jeroen; 'RUDOLF Michael'; SALAGNAC Catherine; SANTAMARIA Veronica; SERVELLON Sergio; SOEIRO Renato; SOUSA DE JESUS Alfredo; TELEJKO Bartlomiej; TOENNIS Melanie; TOTH Edina; VANDEWALLE Laurence; WYLIE Daniel; ZIOBRO Witold Wladyslaw; ANDERSDOTTER Amelia OFFICE2; KARIM Sajjad OFFICE; ERSHAD Sakib > Subject: ITRE draft report on eIDAS - shadows' meeting in Strasbourg on 12 June 2013 at 9h00-10h30 meeting room M04096 (Winston Churchill) > Importance: High > > Dear Members, > dear colleagues, > > Further to the amendments (XM file) circulated last week, the rapporteur Ms Ulvskog would like to invite you to a shadows' meeting that will take place in Strasbourg on 12 June 2013 at 9h00-10h30 meeting room M04096 (Winston Churchill). > > If possible, could you inform the ITRE Secretariat (Elina Kaartinen) in advance on your availability. > > Kind regards, > Elina Kaartinen > ITRE Secretariat > > ________________________________ > From: KAARTINEN Elina > Sent: 24 May 2013 14:08 > To: ULVSKOG Marita; DEL CASTILLO Pilar; CREUTZMANN J?rgen; ANDERSDOTTER Amelia; KARIM Sajjad > Cc: ULVSKOG Marita OFFICE; DEL CASTILLO Pilar OFFICE; CREUTZMANN J?rgen OFFICE; ANDERSDOTTER Amelia OFFICE; STROMGREN Kristoffer; GARCIA JONES Miguel Jos?; SANCHEZ MUNOZ Carmen; GISSLER Constantin; HUFNAGEL Sebastian; BENCZE Julien; TRAUNG Peter; GUCCIONE Stefano; YU Wan Tung Perlie; DE WIT Catharina; CECIRE Alessandra; BAIER Klaus; ALEXANIAN Patrick; BALAZ Zlatko; BALLOT-DU FAYET DE LA TOUR Heloise; BRACHOWICZ Maciej Jan; BURSI Camilla; CHALENCON Delphine; DELGINIESSE Christine; FRISOVA Jolana; GIL DE MURO ARENAS Jose Antonio; GOLDSMITH Gareth Jon; GOUNAUD Pauline; GULBE Ance; JANKEVICIUS Edmundas; JOSE Michael John; KROPAITE Egle; LEBERLE Heike; LEVOYANNIS Constantine; LINNEMANN Tobias; MASSEI Manlio; MERGULHAO Teresa; MONTANO Elisabetta; MURRAY Grace; PETRE Nicholas; POLES Christopher; QUERTON Isabelle; RAQUET Michel; RAYM Maxim; REIJNEN Jeroen; 'RUDOLF Michael'; SALAGNAC Catherine; SANTAMARIA Veronica; SERVELLON Sergio; SOEIRO Renato; SOUSA DE JESUS Alfredo; TELEJKO Bartlomiej; TOENNIS Melanie; TOTH Edina; VANDEWALLE Laurence; WYLIE Daniel; ZIOBRO Witold Wladyslaw; KONKEL Agnieszka; KONSTANTOPOULOS Panos; DE FRUTOS GOMEZ Jose Manuel; KN?FEL Susanne; ANDERSDOTTER Amelia OFFICE2; DEL MONTE Micaela; RODRIGUES Joao; PUPPAN Daniel; ELEFTERIE Kristina; TANG Kaisa; PORRINO Fabrizio; SILVEIRA DA CUNHA Patricia; RODRIGUES Joao; ANAGNOSTOPOULOU Ioanna; PUPPAN Daniel; PORRINO Fabrizio; DE FRUTOS GOMEZ Jose Manuel; AHNBORG Sara; TANG Kaisa; KN?FEL Susanne; DEL MONTE Micaela; KONKEL Agnieszka; VASILE-TOVORNIK Alina Gabriela; KARIM Sajjad OFFICE; ERSHAD Sakib; KAARTINEN Elina > Subject: ITRE draft report on eIDAS - amendments (2 XM files) - consideration of the amendments ITRE meeting of 19-20 June 2013 > > Dear Members, > dear colleagues, > > please, find enclosed already for your information the amendments tabled to the ITRE draft report on eIDAS (XM files). > > A shadows' meeting in Strasbourg in June has been planned (exact time and place tbc). > > The consideration of the amendments will take place in the ITRE meeting of 19-20 June 2013 > > > Timetable as reminder: > > Indicative Timetable ITRE Report > > Exchange of views > > 18 December 2012 > > > > > Consideration of draft report > > 24 April 2013 > > Deadline for tabling amendments > > 15 May 2013 at 12h00 > > > > > Consideration of amendments > > > 19-20 June 2013 > > Vote ITRE (mandate) > > > 18-19 September 2013 > > Vote Plenary > > tbc > > > > > Kind regards, > Elina > > Elina Kaartinen > Administrator > European Parliament > Committee on Industry, Research and Energy (ITRE) - Secretariat > Rue Wiertz 60 > B-1047 Brussels > Office (BRU): ATR 00 K 065 > Tel (BRU): +32 2 283 2388 > Email: elina.kaartinen at europarl.europa.eu > > http://www.europarl.europa.eu > > > From roland at internetpolicyagency.com Mon Jul 1 11:10:44 2013 From: roland at internetpolicyagency.com (Roland Perry) Date: Mon, 1 Jul 2013 10:10:44 +0100 Subject: [cooperation-wg] Prism In-Reply-To: <22k3lbqw7f.fsf@ziptop.autonomica.net> References: <5DFE64F58A6E724EB163CB43B4F0410B0A35EEC5@S-DC-ESTB02-J.net1.cec.eu.int> <91E8BA03-45B6-4627-A52F-F381C6FD4461@frobbit.se> <22k3lbqw7f.fsf@ziptop.autonomica.net> Message-ID: <2ZKkkbRUeU0RFAp3@internetpolicyagency.com> In message <22k3lbqw7f.fsf at ziptop.autonomica.net>, at 20:39:48 on Sun, 30 Jun 2013, Lars-Johan Liman writes >> There is of course a technical (operational) difference between >> IMAP/POP and Webmail, which should be fairly easy to demonstrate. > >> However, from a regulatory (public policy) point of view, it's clear >> that all forms of email are "messages", including webmail. > >Umm ... I have a gut feeling that someone is trying to split hairs here. Actually, I was trying to glue some hairs back together. -- Roland Perry From roland at internetpolicyagency.com Mon Jul 1 11:29:18 2013 From: roland at internetpolicyagency.com (Roland Perry) Date: Mon, 1 Jul 2013 10:29:18 +0100 Subject: [cooperation-wg] Prism In-Reply-To: <48096A22-98BD-49F3-8D80-713070256165@frobbit.se> References: <5DFE64F58A6E724EB163CB43B4F0410B0A35EEC5@S-DC-ESTB02-J.net1.cec.eu.int> <91E8BA03-45B6-4627-A52F-F381C6FD4461@frobbit.se> <22k3lbqw7f.fsf@ziptop.autonomica.net> <48096A22-98BD-49F3-8D80-713070256165@frobbit.se> Message-ID: In message <48096A22-98BD-49F3-8D80-713070256165 at frobbit.se>, at 21:26:22 on Sun, 30 Jun 2013, Patrik F?ltstr?m writes >In the paper I wrote that was not accepted I explained exactly what Lars-Johan explain above, and concluded that as SMTP and IMAP connections >are involved data about the messages will be retained. > >I.e. webmail consists of one "web" transaction between client and web server, and one email transaction from the web server to the mail server. >If now mail is to be retained the mail transaction has to be retained. As web transactions are not to be retained that leg should and will not >be retained -- even if it is a web transaction that as a result will generate email. Whereas I am suggesting that a suitable compromise would be to retain the details of transactions between client and web-servers-known-to-be-mail-systems. Like Hotmail, Gmail and so on. >That was not acceptable by the parties that to me obviously where not happy with the result during the discussions in the European Parliament >where it to be at least was clear that web should not be retained. > >And I get somewhat bad taste in my mount when I heard people after decision is taken in the European Parliament that web is not to be retained >still try to retain "some" web transactions. I don't think that an "Internet e-mail service" should be excluded simply because it takes place on port 25. They are only very tenuously "web" transactions[1] anyway, rather than http[s] transactions. And no, this isn't splitting hairs, it's trying to assert some clarity in the terminology. The lack of clarity isn't helped by organisations like the BBC constantly inviting viewers to "email us via our website". By which they mean fill in a web form, which might or might not then get successfully emailed to someone inside the BBC by the web server. NB. In this context, I'm not advocating logging and retaining which pages at http://news.bbc.co.uk people browse to, although I know some people who would, especially if it's http://www.howtomakeabomb.com ps The reason I'm especially interested in this is that the list of data types in Article 5 is partly based on some work I did in 2001 (and subsequent pre-Directive Data Retention laws in the UK). [1] I can't remember the last time I clicked on a hyperlink pointing to www.gmail.com, it's either an app on my Windows task bar, a different app on my Android phone, or a parameter entered into my POP3 client (yes, you can access gmail by POP3 too, as I'm sure you know; and why does the access protocol make any difference to whether the transaction should be logged/retained, either in terms of common sense, or what it says in the directive?) -- Roland Perry From roland at internetpolicyagency.com Mon Jul 1 11:53:13 2013 From: roland at internetpolicyagency.com (Roland Perry) Date: Mon, 1 Jul 2013 10:53:13 +0100 Subject: [cooperation-wg] Prism In-Reply-To: References: <5DFE64F58A6E724EB163CB43B4F0410B0A35EEC5@S-DC-ESTB02-J.net1.cec.eu.int> <91E8BA03-45B6-4627-A52F-F381C6FD4461@frobbit.se> <22k3lbqw7f.fsf@ziptop.autonomica.net> <48096A22-98BD-49F3-8D80-713070256165@frobbit.se> Message-ID: In message , at 10:29:18 on Mon, 1 Jul 2013, Roland Perry writes >I don't think that an "Internet e-mail service" should be excluded >simply because it takes place on port 25. Apologies for brain-fade. Port 80, obviously. -- Roland Perry From nick at inex.ie Mon Jul 1 12:45:34 2013 From: nick at inex.ie (Nick Hilliard) Date: Mon, 01 Jul 2013 11:45:34 +0100 Subject: [cooperation-wg] =?utf-8?q?Redirec=C8=9Bionat=3A_new_draft_CAs_Re?= =?utf-8?q?direc=C8=9Bionat=3A_ITRE_draft_report_on_eIDAS_-__invitation_to?= =?utf-8?q?_the_3rd_shadows=27_meeting__on_Tuesday=2C_2_July_2013_in_Stras?= =?utf-8?q?bourg_at_9h00-10h00_=28meeting_room_S4=2E5_-_Louise_Weiss=29?= In-Reply-To: <28FE816B96D80F408D7A7A9AD1BF737B14956A39@UCEXLWP009.ep.parl.union.eu> References: <28FE816B96D80F408D7A7A9AD1BF737B149565F1@UCEXLWP009.ep.parl.union.eu>, <28FE816B96D80F408D7A7A9AD1BF737B14956A39@UCEXLWP009.ep.parl.union.eu> Message-ID: <51D15DCE.9080907@inex.ie> On 30/06/2013 23:49, ANDERSDOTTER Amelia wrote: > However, qualified X and advanced X are legacies from the e-signatures > directive in 1999. The Commission has not proposed to remedy this system > even though it has turned out not to work in any member state It is highly ironic that the commission is talking about giving legal basis to a trust service provider, given that in the past several years they have utterly failed in their primary purpose of providing a trust mechanism. Risk analysis indicates that TSPs are inherently weak. When they work, they provides a reasonable level of convenience. But the consequences of security failure are extreme, and outside damaging trust in the system as a whole, compromises may have serious practical consequences. A good example of this is the dutch PKIgovernment program and the Diginotar compromise. I can't imagine anyone in the NL government being much impressed that the iranian government had write access to their public key infrastructure. It is tempting to write off Diginotar as an outlier case and dismiss its failure as inconsequential to the core concept of trust service providers. This is myopic. Trust service providers will become targets according to the overall trust load which they handle, whether by malicious individual attack (e.g. verisign in 2000 and 2010), state attack (e.g. diginotar), or civil legal compromise from other jurisdictions. This doesn't even include incompetence-related screwups (e.g. the trustwave intermediate CA delegation), or deliberate contractual trust delegation allowing many hundreds of unknown companies to forge arbitrary certificates: http://www.schneier.com/blog/archives/2010/09/uae_man-in-the-.html Why should every computer in the world trust every organisation here: https://www.eff.org/files/colour_map_of_CAs.pdf ? Bruce Schneier's "Ten Risks of PKI" paper provides a readable analysis of PKI which is aimed at the general public: http://www.schneier.com/paper-pki.pdf Although it was written 13 years ago (i.e. prehistoric by Internet standards), all the points he made then are still relevant today, except that we now have the benefit of 13 years experience, and a large amount of analysis of both trusted authority compromises and the consequences of compromise. Compromise of trusted certificate providers is inevitable and the consequences can be catastrophic. Creating legal trust in this mechanism is frankly bizarre. Nick From gordon.lennox.13 at gmail.com Mon Jul 1 13:40:42 2013 From: gordon.lennox.13 at gmail.com (Gordon Lennox) Date: Mon, 1 Jul 2013 13:40:42 +0200 Subject: [cooperation-wg] Prism In-Reply-To: <48096A22-98BD-49F3-8D80-713070256165@frobbit.se> References: <5DFE64F58A6E724EB163CB43B4F0410B0A35EEC5@S-DC-ESTB02-J.net1.cec.eu.int> <91E8BA03-45B6-4627-A52F-F381C6FD4461@frobbit.se> <22k3lbqw7f.fsf@ziptop.autonomica.net> <48096A22-98BD-49F3-8D80-713070256165@frobbit.se> Message-ID: <344F20B8-D85E-4BCF-A951-17EF654CC6BB@gmail.com> Can you share the paper? Gordon On 30 Jun, 2013, at 21:26, Patrik F?ltstr?m wrote: > In the paper I wrote that was not accepted... From paf at frobbit.se Mon Jul 1 14:16:54 2013 From: paf at frobbit.se (=?iso-8859-1?Q?Patrik_F=E4ltstr=F6m?=) Date: Mon, 1 Jul 2013 14:16:54 +0200 Subject: [cooperation-wg] Prism In-Reply-To: <344F20B8-D85E-4BCF-A951-17EF654CC6BB@gmail.com> References: <5DFE64F58A6E724EB163CB43B4F0410B0A35EEC5@S-DC-ESTB02-J.net1.cec.eu.int> <91E8BA03-45B6-4627-A52F-F381C6FD4461@frobbit.se> <22k3lbqw7f.fsf@ziptop.autonomica.net> <48096A22-98BD-49F3-8D80-713070256165@frobbit.se> <344F20B8-D85E-4BCF-A951-17EF654CC6BB@gmail.com> Message-ID: I do not know. I must check. Patrik On 1 jul 2013, at 13:40, Gordon Lennox wrote: > Can you share the paper? > > Gordon > > On 30 Jun, 2013, at 21:26, Patrik F?ltstr?m wrote: > >> In the paper I wrote that was not accepted... From georgios at net.t-labs.tu-berlin.de Tue Jul 16 12:10:16 2013 From: georgios at net.t-labs.tu-berlin.de (Georgios Smaragdakis) Date: Tue, 16 Jul 2013 12:10:16 +0200 (CEST) Subject: [cooperation-wg] Enabling CDN-ISP Collaboration Message-ID: Dear all, - In T-Labs/TU Berlin we maintain a website with all our research activities on CDN-ISP collaboration that are very related to RIPE Cooperation working group objectives: http://www.smaragdakis.net/research/Collaboration - For the most recent document on CDN-ISP collaboration and Network Functions Virtualization please see our paper that appears in ACM SIGCOMM CCR July 2013 issue: "Pushing CDN-ISP Collaboration to the Limit" http://www.smaragdakis.net/publications/CCR-NetPaaS best regards, --George ---------------------------------- Georgios Smaragdakis, Senior Researcher Deutsche Telekom Laboratories Technical University of Berlin http://www.smaragdakis.net