IETF Logo Mail Archive

Re: [5gangip] Identifier size

Dino Farinacci <farinacci@gmail.com> Fri, 02 February 2018 04:37 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: 5gangip@ietfa.amsl.com
Delivered-To: 5gangip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA35F12ECBE for <5gangip@ietfa.amsl.com>; Thu, 1 Feb 2018 20:37:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bLjB6AeajA4k for <5gangip@ietfa.amsl.com>; Thu, 1 Feb 2018 20:37:51 -0800 (PST)
Received: from mail-pl0-x234.google.com (mail-pl0-x234.google.com [IPv6:2607:f8b0:400e:c01::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28C9E12ECA8 for <5gangip@ietf.org>; Thu, 1 Feb 2018 20:37:51 -0800 (PST)
Received: by mail-pl0-x234.google.com with SMTP id f8so5273721plk.11 for <5gangip@ietf.org>; Thu, 01 Feb 2018 20:37:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=9uPb0pAcupwsadVt7a4x1Eo9v0CaZu1K37aqbMx7lo0=; b=uqr6NvCnhDQgO+bAsSJGKJ9v6zeGSMOK6qVrszqa5eH5CW4UlHOs7rKn4pFA6TfmZ4 DyoU6iSUFck/59mO+Fdzjq2Q+Y9zKbf7FMbSirUFbe1h8LqnfmzHjSVahwIq3kUnJGp4 Fksh1hXwL0e0V3KZJbFsx2fWuTMKV/LcNUM8AWnExSajNM6PNy1jTt1hzEA5nJSdsrgw TyHWgyDHL3F3JdOEimogiyxqeX5Ynv23mmZ/2EP9t1bjUj3A7cvZLhi/5BjvXY+vgYIl VR1mczkIFFHqWyu+gpYHvFJFhcwvIOxC5iEM0OvLxWvZkznwC/1UDhPty/EbST8+l3yz 7uHA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=9uPb0pAcupwsadVt7a4x1Eo9v0CaZu1K37aqbMx7lo0=; b=ed692RwSIgeDmaWXT0PJ484gVcC8C8urQYJ0vHgnxIQO0l4lgViQCKaY54gOy51QMM V01Sj2VpY5ephQaSlDCXKJocJHlHtvcdcNBIFxqqjI3gkoDoK2iQ3k1CZtpmKgOInV19 H27rcQHZOExkrPXcrkRkQkl7PeguWF4Vfv9f/NATLYudRrldUcVmKu9cF2cRvR/DMiH6 jjOSQu3wEsEyb5RuJYjbMWhuU4HBANdqG8cylv/DxtdP64ukQvxi2TjxV3ceTtctYI+i XfdvyVBnf8eciKdvp/YzlzvJYiMjcATadkoRsz7EAppZOvpb5Q9cmtVAAchn8ozbwRuZ E+Fw==
X-Gm-Message-State: AKwxytchFNxONkz1O9NtNEb59VyQaqQXjNa2jMi6AnDIKx8vYjkLUr/b 4SwqLZ0JqM+8vx0MEaY9EmY=
X-Google-Smtp-Source: AH8x225nPm/ySPa5A71EnQO3p1RfQBjWgIXBojyjn4pSTttWQYISlKJrKxVM6glPK/2ffqjgMmBaMg==
X-Received: by 2002:a17:902:59c9:: with SMTP id d9-v6mr3495182plj.146.1517546270499; Thu, 01 Feb 2018 20:37:50 -0800 (PST)
Received: from ?IPv6:2603:3024:151c:55f0:fcfb:230:9c06:f25f? ([2603:3024:151c:55f0:fcfb:230:9c06:f25f]) by smtp.gmail.com with ESMTPSA id g83sm1379392pfj.22.2018.02.01.20.37.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 01 Feb 2018 20:37:50 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <10e9ea83-6465-9df7-b88b-bc0f8642a1ee@htt-consult.com>
Date: Thu, 01 Feb 2018 20:37:48 -0800
Cc: sarikaya@ieee.org, Tom Herbert <tom@herbertland.com>, 5GANGIP <5gangip@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <4F1A62F2-19F2-4134-A47E-4F2AE1E1197E@gmail.com>
References: <CAC8QAcfTg_osQe4HGF8w-j_w_=2rwUv9-j=M-NhKyV7GVMxFPQ@mail.gmail.com> <0582c4b8-c085-8118-a12d-01a3f952168e@htt-consult.com> <C3F207C6-816E-41D6-B6A3-A32CAFEA0F1B@gmail.com> <10e9ea83-6465-9df7-b88b-bc0f8642a1ee@htt-consult.com>
To: Robert Moskowitz <rgm@htt-consult.com>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/5gangip/m9horVNuCwKxT4CwadCLeK2xFRc>
Subject: Re: [5gangip] Identifier size
X-BeenThere: 5gangip@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion of implications of the upcoming 5th Generation \(fixed and\) Mobile communication systems on IP protocols." <5gangip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/5gangip>, <mailto:5gangip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/5gangip/>
List-Post: <mailto:5gangip@ietf.org>
List-Help: <mailto:5gangip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/5gangip>, <mailto:5gangip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Feb 2018 04:37:54 -0000

But I’d bet on 50% probability with a 120-bit identifier. But, as you say, we are old guys.  ;-)

Dino

> On Feb 1, 2018, at 8:22 PM, Robert Moskowitz <rgm@htt-consult.com> wrote:
> 
> This is the wrong way to look at it.  What is the 1% probability of a collision.  At that point, a collision is going to happen.  The 50% probability is a sure bet thing.
> 
> In a possible population of 2^128, the probability of a collision reaches 1% when the population reaches
> 
> 2.7*10^18
> 
> This is a big number, but nowhere like what it takes to reach a 50% collision probability.
> 
> But this thread was on a MUCH smaller size Identifier.  You have to run the numbers and if the probability is even 0.1%, you better include a collision management piece.
> 
> Bob
> 
> On 02/01/2018 06:01 PM, Dino Farinacci wrote:
>> I keep this on my desktop, just for frequent reference. UUIDs are 128 bits.
>> 
>> Dino
>> 
>> <PastedGraphic-2.png>
>> 
>>> On Feb 1, 2018, at 2:18 PM, Robert Moskowitz <rgm@htt-consult.com> wrote:
>>> 
>>> Behcet,
>>> 
>>> I was really sick with the flu and a secondary infection all of January and am only now trying to cut through the backlog.  Us older guys got to watch it...
>>> 
>>> Anyway a comment about length of Identifier.  i have a bit of experience on considering how long to make an Identifier.   For some recent examples on this and the best estimation equation on the probability of collisions, please see:
>>> 
>>> draft-moskowitz-hierarchical-hip
>>> 
>>> Since there will always be collisions, you need some collision management approach.  The above draft provides one such approach.
>>> 
>>> Just sharing a bit of my study into consequences on choosing an Identifier length.
>>> 
>>> I may get through the various responses on this original post still this week...
>>> 
>>> Oh, and I have an Excel sheet that makes using the formula easy; just ask for it.
>>> 
>>> Bob
>>> 
>>> On 01/31/2018 11:27 AM, Behcet Sarikaya wrote:
>>>> Hi Tom, all,
>>>> 
>>>> I changed this tread to identifier size issue.
>>>> 
>>>> Saleem pointed out that:
>>>> ILNPv6 will not work with more than 64 bits in the NID, and that is consistent
>>>> with RFC8200/STD86 (which refers to RFC4291, for the use of a 64 bit ID).
>>>> 
>>>> 
>>>> So my question is the identifier in identifier - locator separation equal to the interface id in RFC 8200?
>>>> 
>>>> If yes, then what happens if the UE has more than one interfaces?
>>>> 
>>>> This makes it the uniqueness of the IID and the identifier is the same problem?
>>>> 
>>>> Regards,
>>>> Behcet
>>>> On Mon, Jan 29, 2018 at 4:16 PM, Tom Herbert <tom@herbertland.com> wrote:
>>>> On Mon, Jan 29, 2018 at 12:39 PM, Behcet Sarikaya
>>>> <sarikaya2012@gmail.com> wrote:
>>>> > Hi all,
>>>> > Dirk and I submitted this PS draft.
>>>> > We need this to be discussed and improved. Please read and comment.
>>>> 
>>>> Hi Behcet,
>>>> 
>>>> Thanks for posting the draft. A few comments...
>>>> 
>>>> "However it can be argued that it is difficult to derive globally
>>>> unique identifiers only using 64 bits.  So it is better to use longer
>>>> identifiers, e.g. 80 bits or longer"
>>>> 
>>>> Can you elaborate on this?
>>>> 
>>>> I think the Privacy issues should be it's own section.
>>>> Identifier/locator has both pitfalls and give opportunities to improve
>>>> privacy.
>>>> 
>>>> "The use of identifiers unique for each user brings privacy issues. If
>>>> the identifier is stolen then your traffic can be unlawfully tracked,
>>>> there could be serious implications of it."
>>>> 
>>>> This is true today when devices have address or assigned a single /64.
>>>> One alternative is gives users thousands or millions of addresses
>>>> (identifier). Identifier/locator split should facilitate that. Note
>>>> that this effect is already provided by NAT since every connection
>>>> through a NAT is translated to non-trackable address/port. NAT has
>>>> some law enforcement agencies freaking out because of its strong
>>>> (inadvertent) privacy!
>>>> 
>>>> "Privacy of identifiers is especially an issue for a UE communication
>>>> with a server like Google, Facebook, LinkedIn, etc."
>>>> 
>>>> You might want to mention that simple identifier rotation [RFC4914] is
>>>> not enough these days..
>>>> 
>>>> "Privacy issue can be mitigated only if Id-Loc system has proxy mode
>>>> of operation.  In proxy mode, user traffic is intercepted by a proxy.
>>>> Proxy node which could be placed at the subnet router or site border
>>>> router.  The router tunnels the traffic to the server.  In the process
>>>> UE identifier becomes hidden and this hopefully removes privacy
>>>> issues."
>>>> 
>>>> I'm not sure what this means. Multiple identifiers per deivce should
>>>> address the privacy issue, Maybe a proxy would have the same effect?
>>>> 
>>>> "5G specific identifiers can also used to deal with privacy issues.
>>>> IMSI is known to be 64 bit and unique for each UE.  IMSI should not be
>>>> exposed to any entities.  It is like 64-identifier.  Instead
>>>> identifiers like 5G-GUTI can be used"
>>>> 
>>>> I think this is two levels. An identifier in IP identifies a node for
>>>> the purpose of being the endpoint of the communication. Something like
>>>> IMSI identifies a specific device (and hence user). In the best case
>>>> scenario, IP identifiers don't reveal the identity of users and they
>>>> can be made externally visible. IMSI is by its nature sensitive
>>>> information and only visible in a trusted domain. A mapping system
>>>> will need to map identifiers to identities (like an IMSI) so the
>>>> system needs to be secured.
>>>> 
>>>> A big item missing in this section is locator security. Fine grained
>>>> locators used in cellular system could be used to infer the
>>>> geo-location of devices and hence users, thus enabling stalkers
>>>> everywhere.  So locators need restricted visibility somehow..
>>>> 
>>>> Tom
>>>> 
>>>> 
>>>> > Also we are soliciting co-authors, please let us know.
>>>> >
>>>> > Regards,
>>>> > Dirk & Behcet
>>>> >
>>>> >
>>>> > A new version of I-D, draft-hspab-5gangip-atticps-00.txt
>>>> > has been successfully submitted by Behcet Sarikaya and posted to the
>>>> > IETF repository.
>>>> >
>>>> > Name:           draft-hspab-5gangip-atticps
>>>> > Revision:       00
>>>> > Title:          IP Issues and Associated Gaps in Fifth Generation Wireless
>>>> > Networks
>>>> > Document date:  2018-01-28
>>>> > Group:          Individual Submission
>>>> > Pages:          7
>>>> > URL:
>>>> > https://www.ietf.org/internet-drafts/draft-hspab-5gangip-atticps-00.txt
>>>> > Status:
>>>> > https://datatracker.ietf.org/doc/draft-hspab-5gangip-atticps/
>>>> > Htmlized:       https://tools.ietf.org/html/draft-hspab-5gangip-atticps-00
>>>> > Htmlized:
>>>> > https://datatracker.ietf.org/doc/html/draft-hspab-5gangip-atticps-00
>>>> >
>>>> >
>>>> > Abstract:
>>>> >    This document attempts to make the case for new work that need to be
>>>> >    developed to be used among various virtualized functions and the end
>>>> >    user which may be moving.  First a set of use cases on tunneling,
>>>> >    charging, mobility anchors are developed and then the steps of
>>>> >    proposed new work is described next.
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > Please note that it may take a couple of minutes from the time of submission
>>>> > until the htmlized version and diff are available at tools.ietf.org.
>>>> >
>>>> > The IETF Secretariat
>>>> >
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > 5gangip mailing list
>>>> > 5gangip@ietf.org
>>>> > https://www.ietf.org/mailman/listinfo/5gangip
>>>> >
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> 5gangip mailing list
>>>> 
>>>> 5gangip@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/5gangip
>>> 
>>> _______________________________________________
>>> 5gangip mailing list
>>> 5gangip@ietf.org
>>> https://www.ietf.org/mailman/listinfo/5gangip
>> 
>

v2.23.0 | Report a Bug | By Email