Re: [5gangip] Identifier size

Dino Farinacci <farinacci@gmail.com> Thu, 01 February 2018 23:01 UTC

From: Dino Farinacci <farinacci@gmail.com>
Message-Id: <C3F207C6-816E-41D6-B6A3-A32CAFEA0F1B@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_B8219F35-F104-4B86-9EF1-7F1E4EF046D3"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Date: Thu, 01 Feb 2018 15:01:40 -0800
In-Reply-To: <0582c4b8-c085-8118-a12d-01a3f952168e@htt-consult.com>
Cc: sarikaya@ieee.org, Tom Herbert <tom@herbertland.com>, 5GANGIP <5gangip@ietf.org>
To: Robert Moskowitz <rgm@htt-consult.com>
References: <CAC8QAcfTg_osQe4HGF8w-j_w_=2rwUv9-j=M-NhKyV7GVMxFPQ@mail.gmail.com> <0582c4b8-c085-8118-a12d-01a3f952168e@htt-consult.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/5gangip/ZiAtluehQ-vHsMD9Zc3P-R1Pd_M>

I keep this on my desktop, just for frequent reference. UUIDs are 128 bits.

Dino



> On Feb 1, 2018, at 2:18 PM, Robert Moskowitz <rgm@htt-consult.com> wrote:
> 
> Behcet,
> 
> I was really sick with the flu and a secondary infection all of January and am only now trying to cut through the backlog.  Us older guys got to watch it...
> 
> Anyway a comment about length of Identifier. I have a bit of experience on considering how long to make an Identifier. For some recent examples on this and the best estimation equation on the probability of collisions, please see:
> 
> draft-moskowitz-hierarchical-hip
> 
> Since there will always be collisions, you need some collision management approach.  The above draft provides one such approach.
> 
> Just sharing a bit of my study into consequences on choosing an Identifier length.
> 
> I may get through the various responses on this original post still this week...
> 
> Oh, and I have an Excel sheet that makes using the formula easy; just ask for it.
> 
> Bob
> 
> On 01/31/2018 11:27 AM, Behcet Sarikaya wrote:
>> Hi Tom, all,
>> 
>> I changed this thread to identifier size issue.
>> 
>> Saleem pointed out that:
>> ILNPv6 will not work with more than 64 bits in the NID, and that is consistent
>> with RFC8200/STD86 (which refers to RFC4291, for the use of a 64 bit ID).
>> 
>> 
>> So my question is the identifier in identifier - locator separation equal to the interface id in RFC 8200?
>> 
>> If yes, then what happens if the UE has more than one interface?
>> 
>> Does this make the uniqueness of the IID and of the identifier the same problem?
>> 
>> Regards,
>> Behcet
>> On Mon, Jan 29, 2018 at 4:16 PM, Tom Herbert <tom@herbertland.com> wrote:
>> On Mon, Jan 29, 2018 at 12:39 PM, Behcet Sarikaya
>> <sarikaya2012@gmail.com> wrote:
>> > Hi all,
>> > Dirk and I submitted this PS draft.
>> > We need this to be discussed and improved. Please read and comment.
>> 
>> Hi Behcet,
>> 
>> Thanks for posting the draft. A few comments...
>> 
>> "However it can be argued that it is difficult to derive globally
>> unique identifiers only using 64 bits.  So it is better to use longer
>> identifiers, e.g. 80 bits or longer"
>> 
>> Can you elaborate on this?
>> 
>> I think the Privacy issues should be its own section.
>> Identifier/locator has both pitfalls and give opportunities to improve
>> privacy.
>> 
>> "The use of identifiers unique for each user brings privacy issues. If
>> the identifier is stolen then your traffic can be unlawfully tracked,
>> there could be serious implications of it."
>> 
>> This is true today when devices have one address or are assigned a single /64.
>> One alternative is to give users thousands or millions of addresses
>> (identifiers). Identifier/locator split should facilitate that. Note
>> that this effect is already provided by NAT since every connection
>> through a NAT is translated to non-trackable address/port. NAT has
>> some law enforcement agencies freaking out because of its strong
>> (inadvertent) privacy!
>> 
>> "Privacy of identifiers is especially an issue for a UE communication
>> with a server like Google, Facebook, LinkedIn, etc."
>> 
>> You might want to mention that simple identifier rotation [RFC4914] is
>> not enough these days.
>> 
>> "Privacy issue can be mitigated only if Id-Loc system has proxy mode
>> of operation.  In proxy mode, user traffic is intercepted by a proxy.
>> Proxy node which could be placed at the subnet router or site border
>> router.  The router tunnels the traffic to the server.  In the process
>> UE identifier becomes hidden and this hopefully removes privacy
>> issues."
>> 
>> I'm not sure what this means. Multiple identifiers per device should
>> address the privacy issue. Maybe a proxy would have the same effect?
>> 
>> "5G specific identifiers can also be used to deal with privacy issues.
>> IMSI is known to be 64 bit and unique for each UE.  IMSI should not be
>> exposed to any entities.  It is like 64-identifier.  Instead
>> identifiers like 5G-GUTI can be used"
>> 
>> I think this is two levels. An identifier in IP identifies a node for
>> the purpose of being the endpoint of the communication. Something like
>> IMSI identifies a specific device (and hence user). In the best case
>> scenario, IP identifiers don't reveal the identity of users and they
>> can be made externally visible. IMSI is by its nature sensitive
>> information and only visible in a trusted domain. A mapping system
>> will need to map identifiers to identities (like an IMSI) so the
>> system needs to be secured.
>> 
>> A big item missing in this section is locator security. Fine grained
>> locators used in cellular system could be used to infer the
>> geo-location of devices and hence users, thus enabling stalkers
>> everywhere.  So locators need restricted visibility somehow.
>> 
>> Tom
>> 
>> 
>> > Also we are soliciting co-authors, please let us know.
>> >
>> > Regards,
>> > Dirk & Behcet
>> >
>> >
>> > A new version of I-D, draft-hspab-5gangip-atticps-00.txt
>> > has been successfully submitted by Behcet Sarikaya and posted to the
>> > IETF repository.
>> >
>> > Name:           draft-hspab-5gangip-atticps
>> > Revision:       00
>> > Title:          IP Issues and Associated Gaps in Fifth Generation Wireless Networks
>> > Document date:  2018-01-28
>> > Group:          Individual Submission
>> > Pages:          7
>> > URL:            https://www.ietf.org/internet-drafts/draft-hspab-5gangip-atticps-00.txt
>> > Status:         https://datatracker.ietf.org/doc/draft-hspab-5gangip-atticps/
>> > Htmlized:       https://tools.ietf.org/html/draft-hspab-5gangip-atticps-00
>> > Htmlized:       https://datatracker.ietf.org/doc/html/draft-hspab-5gangip-atticps-00
>> >
>> >
>> > Abstract:
>> >    This document attempts to make the case for new work that need to be
>> >    developed to be used among various virtualized functions and the end
>> >    user which may be moving.  First a set of use cases on tunneling,
>> >    charging, mobility anchors are developed and then the steps of
>> >    proposed new work is described next.
>> >
>> >
>> >
>> >
>> > Please note that it may take a couple of minutes from the time of submission
>> > until the htmlized version and diff are available at tools.ietf.org.
>> >
>> > The IETF Secretariat
>> >
>> >
>> >
>> > _______________________________________________
>> > 5gangip mailing list
>> > 5gangip@ietf.org
>> > https://www.ietf.org/mailman/listinfo/5gangip
>> >
>> 
>> 
>> 
> 
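The thread compares 64-, 80- and 128-bit identifiers and Bob points to an estimation equation for collision probability. The following calculator is an added example, not code from the thread, from draft-moskowitz-hierarchical-hip or from Bob's Excel sheet. It assumes identifiers are drawn uniformly at random and uses the standard birthday-bound approximation p ~= 1 - exp(-n(n-1)/2^(b+1)); the draft's own equation is not reproduced on this page, so that formula is an assumption. It goes slightly beyond the thread by also inverting the bound to give the identifier length a target population and failure probability require, and by checking the estimate against a small simulation.

```python
"""Birthday-bound estimates for fixed-length identifier collisions.

Added example; the formula is the standard birthday approximation for
uniformly random b-bit identifiers (an assumption, not the draft's equation).
"""
import math
import random


def collision_probability(bits: int, n: int) -> float:
    """Probability that at least two of n random `bits`-bit identifiers collide.

    Uses p ~= 1 - exp(-n(n-1) / 2^(bits+1)), accurate while n << 2^bits.
    """
    if n < 2:
        return 0.0
    space = 2.0 ** bits
    return 1.0 - math.exp(-(n * (n - 1)) / (2.0 * space))


def identifiers_before_probability(bits: int, p: float) -> int:
    """Largest population n whose collision probability stays about p.

    Inverts the approximation: n ~= sqrt(2 * 2^bits * ln(1 / (1 - p))).
    """
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    return int(math.sqrt(2.0 * (2.0 ** bits) * math.log(1.0 / (1.0 - p))))


def bits_for_population(n: int, p: float) -> int:
    """Smallest identifier length (bits) keeping collision probability <= p
    for a population of n identifiers; this is the planning question behind
    the 64-vs-80-vs-128-bit discussion."""
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    if n < 2:
        return 0
    ratio = (n * (n - 1)) / (2.0 * math.log(1.0 / (1.0 - p)))
    return math.ceil(math.log2(ratio))


def compare_lengths(population: int, lengths=(64, 80, 128)) -> dict:
    """Collision probability for one population across several identifier lengths."""
    return {b: collision_probability(b, population) for b in lengths}


def simulate_collision_rate(bits: int, n: int, trials: int, seed: int = 0) -> float:
    """Empirical cross-check: fraction of trials in which n random
    identifiers of `bits` bits contain at least one duplicate.
    Only practical for small `bits`; constructed test data, seeded for repeatability."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        seen = set()
        for _ in range(n):
            ident = rng.getrandbits(bits)
            if ident in seen:
                hits += 1
                break
            seen.add(ident)
    return hits / trials


if __name__ == "__main__":
    # Ten billion identifiers (a constructed planning figure, not a 3GPP number).
    population = 10 ** 10
    for b, p in compare_lengths(population).items():
        print(f"{b:3d}-bit identifiers, n={population:.0e}: P(collision) ~= {p:.3e}")
    print("bits needed for n=1e10 at p=1e-6:", bits_for_population(population, 1e-6))
    print("64-bit ids issuable before p=0.5:", identifiers_before_probability(64, 0.5))
    print("simulated vs estimated, 16-bit ids, n=300:",
          simulate_collision_rate(16, 300, 2000),
          round(collision_probability(16, 300), 3))
```

Because the bound depends on n squared, each extra 16 bits of identifier lets the population grow by a factor of 256 at the same collision probability; since some collision probability always remains, the collision-management approach Bob mentions is still needed regardless of length.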