Re: [5gangip] Identifier size
Robert Moskowitz <rgm@htt-consult.com> Fri, 02 February 2018 04:22 UTC
Return-Path: <rgm@htt-consult.com>
X-Original-To: 5gangip@ietfa.amsl.com
Delivered-To: 5gangip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5C641275AB for <5gangip@ietfa.amsl.com>; Thu, 1 Feb 2018 20:22:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.76
X-Spam-Level:
X-Spam-Status: No, score=-2.76 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DC_PNG_UNO_LARGO=0.001, HTML_MESSAGE=0.001, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Koo38vGIs_po for <5gangip@ietfa.amsl.com>; Thu, 1 Feb 2018 20:22:48 -0800 (PST)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [50.253.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BB42127136 for <5gangip@ietf.org>; Thu, 1 Feb 2018 20:22:47 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id F19FC62379; Thu, 1 Feb 2018 23:22:45 -0500 (EST)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id c0W0jWjaFGfo; Thu, 1 Feb 2018 23:22:30 -0500 (EST)
Received: from lx120e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id AA36E62375; Thu, 1 Feb 2018 23:22:25 -0500 (EST)
To: Dino Farinacci <farinacci@gmail.com>
Cc: sarikaya@ieee.org, Tom Herbert <tom@herbertland.com>, 5GANGIP <5gangip@ietf.org>
References: <CAC8QAcfTg_osQe4HGF8w-j_w_=2rwUv9-j=M-NhKyV7GVMxFPQ@mail.gmail.com> <0582c4b8-c085-8118-a12d-01a3f952168e@htt-consult.com> <C3F207C6-816E-41D6-B6A3-A32CAFEA0F1B@gmail.com>
From: Robert Moskowitz <rgm@htt-consult.com>
Message-ID: <10e9ea83-6465-9df7-b88b-bc0f8642a1ee@htt-consult.com>
Date: Thu, 01 Feb 2018 23:22:17 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <C3F207C6-816E-41D6-B6A3-A32CAFEA0F1B@gmail.com>
Content-Type: multipart/alternative; boundary="------------DA28904993DA1029F22A510F"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/5gangip/2THh4isEOpKYHJPhCxk__mC3SdE>
Subject: Re: [5gangip] Identifier size
X-BeenThere: 5gangip@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion of implications of the upcoming 5th Generation \(fixed and\) Mobile communication systems on IP protocols." <5gangip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/5gangip>, <mailto:5gangip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/5gangip/>
List-Post: <mailto:5gangip@ietf.org>
List-Help: <mailto:5gangip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/5gangip>, <mailto:5gangip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Feb 2018 04:22:53 -0000
This is the wrong way to look at it. What is the 1% probability of a collision. At that point, a collision is going to happen. The 50% probability is a sure bet thing. In a possible population of 2^128, the probability of a collision reaches 1% when the population reaches 2.7*10^18 This is a big number, but nowhere like what it takes to reach a 50% collision probability. But this thread was on a MUCH smaller size Identifier. You have to run the numbers and if the probability is even 0.1%, you better include a collision management piece. Bob On 02/01/2018 06:01 PM, Dino Farinacci wrote: > I keep this on my desktop, just for frequent reference. UUIDs are 128 > bits. > > Dino > > > >> On Feb 1, 2018, at 2:18 PM, Robert Moskowitz <rgm@htt-consult.com >> <mailto:rgm@htt-consult.com>> wrote: >> >> Behcet, >> >> I was really sick with the flu and a secondary infection all >> of January and am only now trying to cut through the backlog. Us >> older guys got to watch it... >> >> Anyway a comment about length of Identifier. i have a bit >> of experience on considering how long to make an Identifier. For >> some recent examples on this and the best estimation equation on >> the probability of collisions, please see: >> >> draft-moskowitz-hierarchical-hip >> >> Since there will always be collisions, you need some >> collision management approach. The above draft provides one such >> approach. >> >> Just sharing a bit of my study into consequences on choosing >> an Identifier length. >> >> I may get through the various responses on this original post >> still this week... >> >> Oh, and I have an Excel sheet that makes using the formula easy; just >> ask for it. >> >> Bob >> >> On 01/31/2018 11:27 AM, Behcet Sarikaya wrote: >>> Hi Tom, all, >>> >>> I changed this tread to identifier size issue. >>> >>> Saleem pointed out that: >>> ILNPv6 will not work with more than 64 bits in the NID, and that is >>> consistent >>> with RFC8200/STD86 (which refers to RFC4291, for the use of a 64 bit >>> ID). >>> >>> >>> So my question is the identifier in identifier - locator separation >>> equal to the interface id in RFC 8200? >>> >>> If yes, then what happens if the UE has more than one interfaces? >>> >>> This makes it the uniqueness of the IID and the identifier is the >>> same problem? >>> >>> Regards, >>> Behcet >>> On Mon, Jan 29, 2018 at 4:16 PM, Tom Herbert <tom@herbertland.com >>> <mailto:tom@herbertland.com>> wrote: >>> On Mon, Jan 29, 2018 at 12:39 PM, Behcet Sarikaya >>> <sarikaya2012@gmail.com> wrote: >>> > Hi all, >>> > Dirk and I submitted this PS draft. >>> > We need this to be discussed and improved. Please read and comment. >>> >>> Hi Behcet, >>> >>> Thanks for posting the draft. A few comments... >>> >>> "However it can be argued that it is difficult to derive globally >>> unique identifiers only using 64 bits. So it is better to use longer >>> identifiers, e.g. 80 bits or longer" >>> >>> Can you elaborate on this? >>> >>> I think the Privacy issues should be it's own section. >>> Identifier/locator has both pitfalls and give opportunities to improve >>> privacy. >>> >>> "The use of identifiers unique for each user brings privacy issues. If >>> the identifier is stolen then your traffic can be unlawfully tracked, >>> there could be serious implications of it." >>> >>> This is true today when devices have address or assigned a single /64. >>> One alternative is gives users thousands or millions of addresses >>> (identifier). Identifier/locator split should facilitate that. Note >>> that this effect is already provided by NAT since every connection >>> through a NAT is translated to non-trackable address/port. NAT has >>> some law enforcement agencies freaking out because of its strong >>> (inadvertent) privacy! >>> >>> "Privacy of identifiers is especially an issue for a UE communication >>> with a server like Google, Facebook, LinkedIn, etc." >>> >>> You might want to mention that simple identifier rotation [RFC4914] is >>> not enough these days.. >>> >>> "Privacy issue can be mitigated only if Id-Loc system has proxy mode >>> of operation. In proxy mode, user traffic is intercepted by a proxy. >>> Proxy node which could be placed at the subnet router or site border >>> router. The router tunnels the traffic to the server. In the process >>> UE identifier becomes hidden and this hopefully removes privacy >>> issues." >>> >>> I'm not sure what this means. Multiple identifiers per deivce should >>> address the privacy issue, Maybe a proxy would have the same effect? >>> >>> "5G specific identifiers can also used to deal with privacy issues. >>> IMSI is known to be 64 bit and unique for each UE. IMSI should not be >>> exposed to any entities. It is like 64-identifier. Instead >>> identifiers like 5G-GUTI can be used" >>> >>> I think this is two levels. An identifier in IP identifies a node for >>> the purpose of being the endpoint of the communication. Something like >>> IMSI identifies a specific device (and hence user). In the best case >>> scenario, IP identifiers don't reveal the identity of users and they >>> can be made externally visible. IMSI is by its nature sensitive >>> information and only visible in a trusted domain. A mapping system >>> will need to map identifiers to identities (like an IMSI) so the >>> system needs to be secured. >>> >>> A big item missing in this section is locator security. Fine grained >>> locators used in cellular system could be used to infer the >>> geo-location of devices and hence users, thus enabling stalkers >>> everywhere. So locators need restricted visibility somehow.. >>> >>> Tom >>> >>> >>> > Also we are soliciting co-authors, please let us know. >>> > >>> > Regards, >>> > Dirk & Behcet >>> > >>> > >>> > A new version of I-D, draft-hspab-5gangip-atticps-00.txt >>> > has been successfully submitted by Behcet Sarikaya and posted to the >>> > IETF repository. >>> > >>> > Name: draft-hspab-5gangip-atticps >>> > Revision: 00 >>> > Title: IP Issues and Associated Gaps in Fifth Generation >>> Wireless >>> > Networks >>> > Document date: 2018-01-28 >>> > Group: Individual Submission >>> > Pages: 7 >>> > URL: >>> > https://www.ietf.org/internet-drafts/draft-hspab-5gangip-atticps-00.txt >>> > Status: >>> > https://datatracker.ietf.org/doc/draft-hspab-5gangip-atticps/ >>> > Htmlized: https://tools.ietf.org/html/draft-hspab-5gangip-atticps-00 >>> > Htmlized: >>> > https://datatracker.ietf.org/doc/html/draft-hspab-5gangip-atticps-00 >>> > >>> > >>> > Abstract: >>> > This document attempts to make the case for new work that need >>> to be >>> > developed to be used among various virtualized functions and >>> the end >>> > user which may be moving. First a set of use cases on tunneling, >>> > charging, mobility anchors are developed and then the steps of >>> > proposed new work is described next. >>> > >>> > >>> > >>> > >>> > Please note that it may take a couple of minutes from the time of >>> submission >>> > until the htmlized version and diff are available at tools.ietf.org. >>> > >>> > The IETF Secretariat >>> > >>> > >>> > >>> > _______________________________________________ >>> > 5gangip mailing list >>> > 5gangip@ietf.org >>> > https://www.ietf.org/mailman/listinfo/5gangip >>> > >>> >>> >>> >>> _______________________________________________ >>> 5gangip mailing list >>> >>> 5gangip@ietf.org >>> https://www.ietf.org/mailman/listinfo/5gangip >> >> _______________________________________________ >> 5gangip mailing list >> 5gangip@ietf.org <mailto:5gangip@ietf.org> >> https://www.ietf.org/mailman/listinfo/5gangip >
- [5gangip] Identifier size Behcet Sarikaya
- Re: [5gangip] Identifier size Tom Herbert
- Re: [5gangip] Identifier size Saleem Bhatti
- Re: [5gangip] [Ila] Identifier size Dino Farinacci
- Re: [5gangip] [Ila] Identifier size David Allan I
- Re: [5gangip] [Ila] Identifier size David Allan I
- Re: [5gangip] [Ila] Identifier size Dino Farinacci
- Re: [5gangip] [Ila] Identifier size Behcet Sarikaya
- Re: [5gangip] [Ila] Identifier size Dino Farinacci
- Re: [5gangip] Identifier size Mikael Abrahamsson
- Re: [5gangip] [Ila] Identifier size Dirk.von-Hugo
- Re: [5gangip] Identifier size Lorenzo Colitti
- Re: [5gangip] Identifier size Tom Herbert
- Re: [5gangip] Identifier size Mikael Abrahamsson
- Re: [5gangip] Identifier size Tom Herbert
- Re: [5gangip] Identifier size Saleem Bhatti
- Re: [5gangip] [Ila] Identifier size Dino Farinacci
- Re: [5gangip] Identifier size Robert Moskowitz
- Re: [5gangip] Identifier size Dino Farinacci
- Re: [5gangip] Identifier size Robert Moskowitz
- Re: [5gangip] Identifier size Dino Farinacci
- Re: [5gangip] Identifier size Robert Moskowitz
- Re: [5gangip] Identifier size Robert Moskowitz
- Re: [5gangip] Identifier size Alexandre Petrescu