Re: [ANCP] Privacy issue in draft-ietf-ancp-mc-extensions-12

Ted Lemon <ted.lemon@nominum.com> Mon, 02 December 2013 15:16 UTC

To: "Francois Le Faucheur (flefauch)" <flefauch@cisco.com>
Cc: "ancp@ietf.org" <ancp@ietf.org>

I think that I've failed to adequately communicate the concern I have about this. It might help for folks to review http://tools.ietf.org/html/draft-ietf-6man-ipv6-address-generation-privacy-00, particularly section 3.1 (but you should probably read up to that so that you get the context).

I am assuming here that the device whose MAC address is being identified is some end-user device, not the home gateway. On an IPv4 network, or an IPv6 network for devices that use stable privacy addresses (http://tools.ietf.org/html/draft-ietf-6man-stable-privacy-addresses-15), there is no ability to correlate activities based on the MAC address of the host. So using the MAC address as an identifier for access control goes against the current trend in the IETF of avoiding using global, fixed identifiers like the MAC address in this way.

If there is a need for an identifier to be used for access control, it should be an identifier specific to the context, which will not be used in other contexts. So it shouldn't be the MAC address.
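
The correlation concern in the message above, as an added example that is not part of the original message: a MAC-derived (modified EUI-64) interface identifier is identical in every network and reveals the MAC, while an identifier computed per context, in the style of the stable-privacy-addresses draft cited above, differs between networks yet stays stable within one. HMAC-SHA256 as the pseudorandom function, all function names, the MAC, the secret, the interface name and the prefixes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier: embeds the MAC address itself."""
    b = bytes.fromhex(mac.replace(":", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe in the middle.
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]

def mac_from_eui64(iid: bytes) -> str:
    """Any observer of the address can recover the MAC and link it across networks."""
    if iid[3:5] != b"\xff\xfe":
        raise ValueError("not a MAC-derived EUI-64 identifier")
    b = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{x:02x}" for x in b)

def stable_private_iid(prefix: str, iface: str, secret: bytes, dad_counter: int = 0) -> bytes:
    """Context-specific identifier: keyed PRF over (prefix, interface, counter).
    Assumption: HMAC-SHA256 stands in for the PRF; the MAC is never an input."""
    net = ipaddress.IPv6Network(prefix)
    msg = net.network_address.packed[:8] + iface.encode() + b"\x00" + bytes([dad_counter])
    return hmac.new(secret, msg, hashlib.sha256).digest()[-8:]

def address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)

def correlatable(iids) -> bool:
    """True when the same identifier appears in every context observed."""
    return len(set(iids)) == 1

# Constructed sample values: documentation prefixes, made-up MAC and host secret.
MAC = "00:11:22:33:44:55"
SECRET = b"constructed-per-host-secret"
PREFIXES = ["2001:db8:1:1::/64", "2001:db8:2:2::/64"]

if __name__ == "__main__":
    for p in PREFIXES:
        print(p, address(p, eui64_iid(MAC)), address(p, stable_private_iid(p, "eth0", SECRET)))
    print("EUI-64 correlatable:", correlatable([eui64_iid(MAC) for _ in PREFIXES]))
    print("per-context correlatable:",
          correlatable([stable_private_iid(p, "eth0", SECRET) for p in PREFIXES]))
```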