ROBERT-proximity-tracing / documents

Protocol specification, white paper, high level documents, etc.

What happens with lack of mixnets / if server logs IP ? #66

Open flesueur opened 4 years ago

flesueur commented 4 years ago

Hello,

From the StopCovid gitlab, it appears there is no mixnet implementation (https://gitlab.inria.fr/stopcovid19/robert-server/-/issues/31) and that hosting security features seem to monitor personal data such as IP (https://gitlab.inria.fr/stopcovid19/robert-server/-/issues/30#note_349492).

The Robert proposal is demonstrated and analyzed with such anonymization features, features which are lacking in the implementation.

I know that the implementation is not on your side. But what parts of the expected privacy properties from your proposal may be hindered by not implementing mixnets/logging IPs?

Cheers, Francois

flesueur commented 4 years ago

Hi,

Is this github still alive, or not? For instance, DP3T published some guidelines on server-side logging requests, IP, etc. (p. 11, https://github.com/DP-3T/documents/blob/master/DP3T%20-%20Best%20Practices%20for%20Operation%20Security%20in%20Proximity%20Tracing.pdf). It is of course not enforceable by clients (no mixnets/TOR), but it is better than nothing.

Cheers, François

guillon commented 4 years ago

Be careful, the report is for decentralised protocols.

In particular for server logs recommendations, it is not at all what one would expect for an implementation of Robert.

As the protocol itself is self-informative and server processes anyway do not require logging at all in order to forge responses or implement countermeasures for DoS attacks, no logging at all of IP/user agent should be done. Lifetime of logs should also be mentioned, I suppose, at the least.

flesueur commented 4 years ago

Yes, of course the DP3T doc is for decentralized protocols. In their case, servers are less critical (regarding privacy), yet they considered the overall infrastructure and that they should provide some guidelines for logging, in order to preserve coherency.

I just pointed to this for reference, since it addresses this type of concern. In the case of Robert, since the server is much more critical, more logging surface would be critical, and it would be interesting to tackle these aspects of the surrounding infrastructure of the server.