IETF Logo Mail Archive

Re: [5gangip] Identifier size

Robert Moskowitz <rgm@htt-consult.com> Fri, 02 February 2018 05:00 UTC

Return-Path: <rgm@htt-consult.com>
X-Original-To: 5gangip@ietfa.amsl.com
Delivered-To: 5gangip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3AB581274D2 for <5gangip@ietfa.amsl.com>; Thu, 1 Feb 2018 21:00:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.762
X-Spam-Level:
X-Spam-Status: No, score=-2.762 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id blWDf_T0gtd2 for <5gangip@ietfa.amsl.com>; Thu, 1 Feb 2018 21:00:04 -0800 (PST)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [50.253.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC8CC1200C5 for <5gangip@ietf.org>; Thu, 1 Feb 2018 21:00:03 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id DFE4062382; Fri, 2 Feb 2018 00:00:01 -0500 (EST)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id ziCv9JDHZMlV; Thu, 1 Feb 2018 23:59:54 -0500 (EST)
Received: from lx120e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 78AD462381; Thu, 1 Feb 2018 23:59:52 -0500 (EST)
To: Dino Farinacci <farinacci@gmail.com>
Cc: sarikaya@ieee.org, Tom Herbert <tom@herbertland.com>, 5GANGIP <5gangip@ietf.org>
References: <CAC8QAcfTg_osQe4HGF8w-j_w_=2rwUv9-j=M-NhKyV7GVMxFPQ@mail.gmail.com> <0582c4b8-c085-8118-a12d-01a3f952168e@htt-consult.com> <C3F207C6-816E-41D6-B6A3-A32CAFEA0F1B@gmail.com> <10e9ea83-6465-9df7-b88b-bc0f8642a1ee@htt-consult.com> <4F1A62F2-19F2-4134-A47E-4F2AE1E1197E@gmail.com>
From: Robert Moskowitz <rgm@htt-consult.com>
Message-ID: <e0f57a2f-039c-81f9-f73d-c8b0b05c8862@htt-consult.com>
Date: Thu, 01 Feb 2018 23:59:45 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <4F1A62F2-19F2-4134-A47E-4F2AE1E1197E@gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/5gangip/swwe7g3VB5YENu-Nn5bNn1OBKUw>
Subject: Re: [5gangip] Identifier size
X-BeenThere: 5gangip@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion of implications of the upcoming 5th Generation \(fixed and\) Mobile communication systems on IP protocols." <5gangip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/5gangip>, <mailto:5gangip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/5gangip/>
List-Post: <mailto:5gangip@ietf.org>
List-Help: <mailto:5gangip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/5gangip>, <mailto:5gangip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Feb 2018 05:00:06 -0000

1.4*10^18

1% at 1.7*10^17
.1% at 5.6*10^16

*I* would not bet a design on even a .1% collision probability.  I AM 
including a collision management feature.

Bob

On 02/01/2018 11:37 PM, Dino Farinacci wrote:
> But I’d bet on 50% probability with a 120-bit identifier. But, as you say, we are old guys.  ;-)
>
> Dino
>
>> On Feb 1, 2018, at 8:22 PM, Robert Moskowitz <rgm@htt-consult.com> wrote:
>>
>> This is the wrong way to look at it.  What is the 1% probability of a collision.  At that point, a collision is going to happen.  The 50% probability is a sure bet thing.
>>
>> In a possible population of 2^128, the probability of a collision reaches 1% when the population reaches
>>
>> 2.7*10^18
>>
>> This is a big number, but nowhere like what it takes to reach a 50% collision probability.
>>
>> But this thread was on a MUCH smaller size Identifier.  You have to run the numbers and if the probability is even 0.1%, you better include a collision management piece.
>>
>> Bob
>>
>> On 02/01/2018 06:01 PM, Dino Farinacci wrote:
>>> I keep this on my desktop, just for frequent reference. UUIDs are 128 bits.
>>>
>>> Dino
>>>
>>> <PastedGraphic-2.png>
>>>
>>>> On Feb 1, 2018, at 2:18 PM, Robert Moskowitz <rgm@htt-consult.com> wrote:
>>>>
>>>> Behcet,
>>>>
>>>> I was really sick with the flu and a secondary infection all of January and am only now trying to cut through the backlog.  Us older guys got to watch it...
>>>>
>>>> Anyway a comment about length of Identifier.  i have a bit of experience on considering how long to make an Identifier.   For some recent examples on this and the best estimation equation on the probability of collisions, please see:
>>>>
>>>> draft-moskowitz-hierarchical-hip
>>>>
>>>> Since there will always be collisions, you need some collision management approach.  The above draft provides one such approach.
>>>>
>>>> Just sharing a bit of my study into consequences on choosing an Identifier length.
>>>>
>>>> I may get through the various responses on this original post still this week...
>>>>
>>>> Oh, and I have an Excel sheet that makes using the formula easy; just ask for it.
>>>>
>>>> Bob
>>>>
>>>> On 01/31/2018 11:27 AM, Behcet Sarikaya wrote:
>>>>> Hi Tom, all,
>>>>>
>>>>> I changed this tread to identifier size issue.
>>>>>
>>>>> Saleem pointed out that:
>>>>> ILNPv6 will not work with more than 64 bits in the NID, and that is consistent
>>>>> with RFC8200/STD86 (which refers to RFC4291, for the use of a 64 bit ID).
>>>>>
>>>>>
>>>>> So my question is the identifier in identifier - locator separation equal to the interface id in RFC 8200?
>>>>>
>>>>> If yes, then what happens if the UE has more than one interfaces?
>>>>>
>>>>> This makes it the uniqueness of the IID and the identifier is the same problem?
>>>>>
>>>>> Regards,
>>>>> Behcet
>>>>> On Mon, Jan 29, 2018 at 4:16 PM, Tom Herbert <tom@herbertland.com> wrote:
>>>>> On Mon, Jan 29, 2018 at 12:39 PM, Behcet Sarikaya
>>>>> <sarikaya2012@gmail.com> wrote:
>>>>>> Hi all,
>>>>>> Dirk and I submitted this PS draft.
>>>>>> We need this to be discussed and improved. Please read and comment.
>>>>> Hi Behcet,
>>>>>
>>>>> Thanks for posting the draft. A few comments...
>>>>>
>>>>> "However it can be argued that it is difficult to derive globally
>>>>> unique identifiers only using 64 bits.  So it is better to use longer
>>>>> identifiers, e.g. 80 bits or longer"
>>>>>
>>>>> Can you elaborate on this?
>>>>>
>>>>> I think the Privacy issues should be it's own section.
>>>>> Identifier/locator has both pitfalls and give opportunities to improve
>>>>> privacy.
>>>>>
>>>>> "The use of identifiers unique for each user brings privacy issues. If
>>>>> the identifier is stolen then your traffic can be unlawfully tracked,
>>>>> there could be serious implications of it."
>>>>>
>>>>> This is true today when devices have address or assigned a single /64.
>>>>> One alternative is gives users thousands or millions of addresses
>>>>> (identifier). Identifier/locator split should facilitate that. Note
>>>>> that this effect is already provided by NAT since every connection
>>>>> through a NAT is translated to non-trackable address/port. NAT has
>>>>> some law enforcement agencies freaking out because of its strong
>>>>> (inadvertent) privacy!
>>>>>
>>>>> "Privacy of identifiers is especially an issue for a UE communication
>>>>> with a server like Google, Facebook, LinkedIn, etc."
>>>>>
>>>>> You might want to mention that simple identifier rotation [RFC4914] is
>>>>> not enough these days..
>>>>>
>>>>> "Privacy issue can be mitigated only if Id-Loc system has proxy mode
>>>>> of operation.  In proxy mode, user traffic is intercepted by a proxy.
>>>>> Proxy node which could be placed at the subnet router or site border
>>>>> router.  The router tunnels the traffic to the server.  In the process
>>>>> UE identifier becomes hidden and this hopefully removes privacy
>>>>> issues."
>>>>>
>>>>> I'm not sure what this means. Multiple identifiers per deivce should
>>>>> address the privacy issue, Maybe a proxy would have the same effect?
>>>>>
>>>>> "5G specific identifiers can also used to deal with privacy issues.
>>>>> IMSI is known to be 64 bit and unique for each UE.  IMSI should not be
>>>>> exposed to any entities.  It is like 64-identifier.  Instead
>>>>> identifiers like 5G-GUTI can be used"
>>>>>
>>>>> I think this is two levels. An identifier in IP identifies a node for
>>>>> the purpose of being the endpoint of the communication. Something like
>>>>> IMSI identifies a specific device (and hence user). In the best case
>>>>> scenario, IP identifiers don't reveal the identity of users and they
>>>>> can be made externally visible. IMSI is by its nature sensitive
>>>>> information and only visible in a trusted domain. A mapping system
>>>>> will need to map identifiers to identities (like an IMSI) so the
>>>>> system needs to be secured.
>>>>>
>>>>> A big item missing in this section is locator security. Fine grained
>>>>> locators used in cellular system could be used to infer the
>>>>> geo-location of devices and hence users, thus enabling stalkers
>>>>> everywhere.  So locators need restricted visibility somehow..
>>>>>
>>>>> Tom
>>>>>
>>>>>
>>>>>> Also we are soliciting co-authors, please let us know.
>>>>>>
>>>>>> Regards,
>>>>>> Dirk & Behcet
>>>>>>
>>>>>>
>>>>>> A new version of I-D, draft-hspab-5gangip-atticps-00.txt
>>>>>> has been successfully submitted by Behcet Sarikaya and posted to the
>>>>>> IETF repository.
>>>>>>
>>>>>> Name:           draft-hspab-5gangip-atticps
>>>>>> Revision:       00
>>>>>> Title:          IP Issues and Associated Gaps in Fifth Generation Wireless
>>>>>> Networks
>>>>>> Document date:  2018-01-28
>>>>>> Group:          Individual Submission
>>>>>> Pages:          7
>>>>>> URL:
>>>>>> https://www.ietf.org/internet-drafts/draft-hspab-5gangip-atticps-00.txt
>>>>>> Status:
>>>>>> https://datatracker.ietf.org/doc/draft-hspab-5gangip-atticps/
>>>>>> Htmlized:       https://tools.ietf.org/html/draft-hspab-5gangip-atticps-00
>>>>>> Htmlized:
>>>>>> https://datatracker.ietf.org/doc/html/draft-hspab-5gangip-atticps-00
>>>>>>
>>>>>>
>>>>>> Abstract:
>>>>>>     This document attempts to make the case for new work that need to be
>>>>>>     developed to be used among various virtualized functions and the end
>>>>>>     user which may be moving.  First a set of use cases on tunneling,
>>>>>>     charging, mobility anchors are developed and then the steps of
>>>>>>     proposed new work is described next.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Please note that it may take a couple of minutes from the time of submission
>>>>>> until the htmlized version and diff are available at tools.ietf.org.
>>>>>>
>>>>>> The IETF Secretariat
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> 5gangip mailing list
>>>>>> 5gangip@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/5gangip
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> 5gangip mailing list
>>>>>
>>>>> 5gangip@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/5gangip
>>>> _______________________________________________
>>>> 5gangip mailing list
>>>> 5gangip@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/5gangip

v2.23.0 | Report a Bug | By Email