Re: [5gangip] Identifier size
Dino Farinacci <farinacci@gmail.com> Thu, 01 February 2018 23:01 UTC
Cc: sarikaya@ieee.org, Tom Herbert <tom@herbertland.com>, 5GANGIP <5gangip@ietf.org>
To: Robert Moskowitz <rgm@htt-consult.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/5gangip/ZiAtluehQ-vHsMD9Zc3P-R1Pd_M>
I keep this on my desktop, just for frequent reference. UUIDs are 128 bits.

Dino

> On Feb 1, 2018, at 2:18 PM, Robert Moskowitz <rgm@htt-consult.com> wrote:
>
> Behcet,
>
> I was really sick with the flu and a secondary infection all of January and am only now trying to cut through the backlog. Us older guys got to watch it...
>
> Anyway a comment about length of Identifier. I have a bit of experience on considering how long to make an Identifier. For some recent examples on this and the best estimation equation on the probability of collisions, please see:
>
> draft-moskowitz-hierarchical-hip
>
> Since there will always be collisions, you need some collision management approach. The above draft provides one such approach.
>
> Just sharing a bit of my study into consequences on choosing an Identifier length.
>
> I may get through the various responses on this original post still this week...
>
> Oh, and I have an Excel sheet that makes using the formula easy; just ask for it.
>
> Bob
>
> On 01/31/2018 11:27 AM, Behcet Sarikaya wrote:
>> Hi Tom, all,
>>
>> I changed this thread to identifier size issue.
>>
>> Saleem pointed out that:
>> ILNPv6 will not work with more than 64 bits in the NID, and that is consistent
>> with RFC8200/STD86 (which refers to RFC4291, for the use of a 64 bit ID).
>>
>>
>> So my question is the identifier in identifier - locator separation equal to the interface id in RFC 8200?
>>
>> If yes, then what happens if the UE has more than one interface?
>>
>> This makes it the uniqueness of the IID and the identifier is the same problem?
>>
>> Regards,
>> Behcet
>> On Mon, Jan 29, 2018 at 4:16 PM, Tom Herbert <tom@herbertland.com> wrote:
>> On Mon, Jan 29, 2018 at 12:39 PM, Behcet Sarikaya
>> <sarikaya2012@gmail.com> wrote:
>> > Hi all,
>> > Dirk and I submitted this PS draft.
>> > We need this to be discussed and improved. Please read and comment.
>>
>> Hi Behcet,
>>
>> Thanks for posting the draft. A few comments...
>>
>> "However it can be argued that it is difficult to derive globally
>> unique identifiers only using 64 bits. So it is better to use longer
>> identifiers, e.g. 80 bits or longer"
>>
>> Can you elaborate on this?
>>
>> I think the Privacy issues should be its own section.
>> Identifier/locator has both pitfalls and gives opportunities to improve
>> privacy.
>>
>> "The use of identifiers unique for each user brings privacy issues. If
>> the identifier is stolen then your traffic can be unlawfully tracked,
>> there could be serious implications of it."
>>
>> This is true today when devices have address or assigned a single /64.
>> One alternative is to give users thousands or millions of addresses
>> (identifier). Identifier/locator split should facilitate that. Note
>> that this effect is already provided by NAT since every connection
>> through a NAT is translated to non-trackable address/port. NAT has
>> some law enforcement agencies freaking out because of its strong
>> (inadvertent) privacy!
>>
>> "Privacy of identifiers is especially an issue for a UE communication
>> with a server like Google, Facebook, LinkedIn, etc."
>>
>> You might want to mention that simple identifier rotation [RFC4914] is
>> not enough these days..
>>
>> "Privacy issue can be mitigated only if Id-Loc system has proxy mode
>> of operation. In proxy mode, user traffic is intercepted by a proxy.
>> Proxy node which could be placed at the subnet router or site border
>> router. The router tunnels the traffic to the server. In the process
>> UE identifier becomes hidden and this hopefully removes privacy
>> issues."
>>
>> I'm not sure what this means. Multiple identifiers per device should
>> address the privacy issue, Maybe a proxy would have the same effect?
>>
>> "5G specific identifiers can also used to deal with privacy issues.
>> IMSI is known to be 64 bit and unique for each UE. IMSI should not be
>> exposed to any entities. It is like 64-identifier. Instead
>> identifiers like 5G-GUTI can be used"
>>
>> I think this is two levels. An identifier in IP identifies a node for
>> the purpose of being the endpoint of the communication. Something like
>> IMSI identifies a specific device (and hence user). In the best case
>> scenario, IP identifiers don't reveal the identity of users and they
>> can be made externally visible. IMSI is by its nature sensitive
>> information and only visible in a trusted domain. A mapping system
>> will need to map identifiers to identities (like an IMSI) so the
>> system needs to be secured.
>>
>> A big item missing in this section is locator security. Fine grained
>> locators used in cellular system could be used to infer the
>> geo-location of devices and hence users, thus enabling stalkers
>> everywhere. So locators need restricted visibility somehow..
>>
>> Tom
>>
>>
>> > Also we are soliciting co-authors, please let us know.
>> >
>> > Regards,
>> > Dirk & Behcet
>> >
>> >
>> > A new version of I-D, draft-hspab-5gangip-atticps-00.txt
>> > has been successfully submitted by Behcet Sarikaya and posted to the
>> > IETF repository.
>> >
>> > Name: draft-hspab-5gangip-atticps
>> > Revision: 00
>> > Title: IP Issues and Associated Gaps in Fifth Generation Wireless
>> > Networks
>> > Document date: 2018-01-28
>> > Group: Individual Submission
>> > Pages: 7
>> > URL:
>> > https://www.ietf.org/internet-drafts/draft-hspab-5gangip-atticps-00.txt
>> > Status:
>> > https://datatracker.ietf.org/doc/draft-hspab-5gangip-atticps/
>> > Htmlized: https://tools.ietf.org/html/draft-hspab-5gangip-atticps-00
>> > Htmlized:
>> > https://datatracker.ietf.org/doc/html/draft-hspab-5gangip-atticps-00
>> >
>> >
>> > Abstract:
>> > This document attempts to make the case for new work that need to be
>> > developed to be used among various virtualized functions and the end
>> > user which may be moving. First a set of use cases on tunneling,
>> > charging, mobility anchors are developed and then the steps of
>> > proposed new work is described next.
>> >
>> >
>> > Please note that it may take a couple of minutes from the time of submission
>> > until the htmlized version and diff are available at tools.ietf.org.
>> >
>> > The IETF Secretariat
>> >
>> > _______________________________________________
>> > 5gangip mailing list
>> > 5gangip@ietf.org
>> > https://www.ietf.org/mailman/listinfo/5gangip
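
The quoted messages weigh 64-bit identifiers against "80 bits or longer" and mention an estimate of collision probability. As an added illustration (not code from this thread, and not taken from draft-moskowitz-hierarchical-hip), the sketch below uses the standard birthday approximation to compare identifier sizes; the function names and the sample populations are assumptions made for the example.

```python
import math

def collision_probability(bits: int, n: int) -> float:
    """P(at least one collision) among n identifiers drawn uniformly at
    random from a 2**bits space, by the birthday approximation
    p ~= 1 - exp(-n(n-1) / 2**(bits+1))."""
    if n < 2:
        return 0.0
    space = 2 ** bits
    if n > space:
        return 1.0  # pigeonhole: more identifiers than possible values
    x = n * (n - 1) / (2 * space)
    # -expm1(-x) equals 1 - exp(-x) but keeps precision when x is tiny,
    # which is the normal case for 80-bit and longer identifiers.
    return -math.expm1(-x)

def population_for_probability(bits: int, p: float) -> int:
    """Approximate largest population whose collision probability stays
    at or below p (inverse of the approximation above)."""
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    target = -math.log1p(-p)  # the exponent x that yields probability p
    space = 2 ** bits
    # Solve n(n-1) = 2 * space * target for n and round down.
    return int((1 + math.sqrt(1 + 8 * space * target)) / 2)

def comparison(sizes=(64, 80, 96, 128), populations=(10**9, 10**11)):
    """Constructed sample: probabilities for a few sizes and populations."""
    return {(b, n): collision_probability(b, n)
            for b in sizes for n in populations}

if __name__ == "__main__":
    for (bits, n), p in comparison().items():
        print(f"{bits:3d} bits, {n:.0e} identifiers: p = {p:.3e}")
    for bits in (64, 80, 96, 128):
        limit = population_for_probability(bits, 1e-6)
        print(f"{bits:3d} bits: p <= 1e-6 up to about {limit:.3e} identifiers")
```

The approximation assumes identifiers are chosen uniformly at random; identifiers derived from structured or low-entropy inputs collide more often than these figures suggest.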