Protocol registry: Reviewing is not sufficient #255
Open
Labels: privacy-considerations, privacy-tracker, registry, security-considerations, security-tracker
There are two requirements for protocols that I think need further elaboration:
And
Technically, a review saying "this protocol is awful in every way" satisfies these criteria.
It would be more useful if there were a set of concrete privacy and security requirements that a protocol needed to satisfy; such a review would be able to say whether a standard was achieved or not. It might be the case that there are subjective elements to a review, but there should also be a minimum bar that each protocol needs to clear.
This goes beyond the present set of requirements in the current inclusion criteria. I don't have a comprehensive list to hand, but one should be possible to develop. And once developed, that list should be in the spec. For instance, does the protocol depend on phoning home? Does the protocol (or the formats it conveys) guarantee unlinkability of presentations? Or - given that unlinkability doesn't make sense for some use cases - under what conditions does the API require the protocol provide unlinkability? What sort of transparency affordances does the protocol include? What sorts of covert channels are acceptable?