Re: [ANCP] Privacy issue in draft-ietf-ancp-mc-extensions-12

Tom Taylor <tom.taylor.stds@gmail.com> Tue, 03 December 2013 19:31 UTC

To: Ted Lemon <ted.lemon@nominum.com>, "Francois Le Faucheur (flefauch)" <flefauch@cisco.com>
Cc: "ancp@ietf.org" <ancp@ietf.org>

On 02/12/2013 10:15 AM, Ted Lemon wrote:
> I think that I've failed to adequately communicate the concern I have
> about this.   It might help for folks to review
> http://tools.ietf.org/html/draft-ietf-6man-ipv6-address-generation-privacy-00,
> particularly section 3.1 (but you should probably read up to that so
> that you get the context).
>
> I am assuming here that the device whose MAC address is being
> identified is some end-user device, not the home gateway.   On an
> IPv4 network, or an IPv6 network for devices that use stable privacy
> addresses
> (http://tools.ietf.org/html/draft-ietf-6man-stable-privacy-addresses-15),
> there is no ability to correlate activities based on the MAC address
> of the host.   So using the MAC address as an identifier for access
> control goes against the current trend in the IETF of avoiding using
> global, fixed identifiers like the MAC address in this way.
>
> If there is a need for an identifier to be used for access control,
> it should be an identifier specific to the context, which will not be
> used in other contexts.   So it shouldn't be the MAC address.
>
>
[PTT] Point about MAC address privacy accepted. Thinking over the IP 
address alternative, I can see practical problems -- since the device is 
in the home network, the provider has no control over the stability of 
the address (if IPv6), and can't determine the device from the address 
(if IPv4 with the usual NAT at the home gateway). My proposed technical 
solution would be to require the AN to create a context-specific device 
identifier by hashing the MAC address with something stable at the AN, 
with the result predictable so that the subscriber AAA profile can be 
set up as required.

The use cases I could see for this are not essential but possible:
-- provider-enforced parental controls on selected devices
-- provider-enforced device-specific limitations (e.g., mobile vs. fixed)

Have to admit the second case at least seems very weak.

Tom Taylor
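
Added example, not part of the original message or of the ANCP draft: one way an AN could derive the context-specific device identifier proposed above, so that the same MAC always maps to the same AAA profile key but cannot be correlated across contexts. Assumptions: the post says only "hashing", so HMAC-SHA256 with a secret key stable at the AN is this example's choice (an unkeyed hash of a 48-bit MAC can be enumerated); the key values, context label and function names are hypothetical.

```python
import hashlib
import hmac
import re

def normalize_mac(mac: str) -> bytes:
    """Return the 6 raw octets of a MAC written with ':', '-', '.' or no separators."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def device_identifier(mac: str, an_key: bytes, context: bytes, octets: int = 16) -> str:
    """HMAC-SHA256(an_key, mac || context), truncated to `octets` bytes, as hex.

    The MAC is fixed-length and comes first, so the concatenation is unambiguous.
    """
    if len(an_key) < 16:
        raise ValueError("AN key must be at least 128 bits")
    if not 8 <= octets <= 32:
        raise ValueError("octets must be between 8 and 32")
    tag = hmac.new(an_key, normalize_mac(mac) + context, hashlib.sha256).digest()
    return tag[:octets].hex()

def lookup_policy(profile: dict, mac: str, an_key: bytes, context: bytes):
    """Resolve a device's policy from a AAA profile keyed by derived identifier."""
    return profile.get(device_identifier(mac, an_key, context))

# Constructed sample values for illustration only.
AN_KEY_A = bytes(range(32))            # stable secret held by access node A
AN_KEY_B = bytes(range(32, 64))        # a different access node / provider
CONTEXT = b"ancp-mc-access-control"    # hypothetical context label
CHILD_TABLET = "00:11:22:AA:BB:CC"     # constructed MAC

# Provisioning side: the identifier is predictable given the AN key,
# so the subscriber profile can be set up ahead of time.
PROFILE = {device_identifier(CHILD_TABLET, AN_KEY_A, CONTEXT): "parental-controls"}

if __name__ == "__main__":
    # Same device, different textual form of the MAC: same identifier.
    print(lookup_policy(PROFILE, "0011.22aa.bbcc", AN_KEY_A, CONTEXT))
    # Same device seen under another AN key: unlinkable identifier, no match.
    print(lookup_policy(PROFILE, CHILD_TABLET, AN_KEY_B, CONTEXT))
```

Replacing the AN key changes every derived identifier, so profiles keyed this way have to be re-provisioned whenever the key is rotated.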