Re: [apps-discuss] Comments on draft-ietf-appsawg-http-forwarded-02
Andreas Petersson <andreas@sbin.se> Fri, 18 May 2012 15:45 UTC
Return-Path: <andreas@sbin.se>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D32B21F86AA for <apps-discuss@ietfa.amsl.com>; Fri, 18 May 2012 08:45:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7CQm0+YwuwLP for <apps-discuss@ietfa.amsl.com>; Fri, 18 May 2012 08:45:26 -0700 (PDT)
Received: from mail.lysator.liu.se (mail.lysator.liu.se [IPv6:2001:6b0:17:f0a0::3]) by ietfa.amsl.com (Postfix) with ESMTP id CF9BC21F868A for <apps-discuss@ietf.org>; Fri, 18 May 2012 08:45:25 -0700 (PDT)
Received: from mail.lysator.liu.se (localhost [127.0.0.1]) by mail.lysator.liu.se (Postfix) with ESMTP id BB7BE40040 for <apps-discuss@ietf.org>; Fri, 18 May 2012 17:45:22 +0200 (CEST)
Received: by mail.lysator.liu.se (Postfix, from userid 1004) id B0D0C4003D; Fri, 18 May 2012 17:45:22 +0200 (CEST)
Received: from [83.253.180.83] (c83-253-180-83.bredband.comhem.se [83.253.180.83]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.lysator.liu.se (Postfix) with ESMTPSA id C445040010; Fri, 18 May 2012 17:45:18 +0200 (CEST)
Message-ID: <4FB66EA4.9000703@sbin.se>
Date: Fri, 18 May 2012 17:45:40 +0200
From: Andreas Petersson <andreas@sbin.se>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Alissa Cooper <acooper@cdt.org>
References: <6.2.5.6.2.20120502074325.0ababa28@elandnews.com> <4FAFA51F.4040508@sbin.se> <6.2.5.6.2.20120513074613.092bab70@resistor.net> <4FB0D246.4020608@cs.tcd.ie> <20120514122954.242cb1be@hetzer> <4FB0E828.9040405@cs.tcd.ie> <20120514134501.067cbd96@hetzer> <4FB18597.1020703@cs.tcd.ie> <6.2.5.6.2.20120514155407.099847c8@resistor.net> <B3876539-F25E-4519-99CF-04A59D5E36D0@cdt.org>
In-Reply-To: <B3876539-F25E-4519-99CF-04A59D5E36D0@cdt.org>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV using ClamSMTP
Cc: apps-discuss@ietf.org
Subject: Re: [apps-discuss] Comments on draft-ietf-appsawg-http-forwarded-02
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 May 2012 15:45:27 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi. Comments inlined. On 5/17/12 11:29 PM, Alissa Cooper wrote: > Hi Andreas, > > I've included below a version of some privacy text that I provided > in section 4 of draft-ietf-intarea-nat-reveal-analysis, adapted for > the Forwarded header. Since the privacy implications are so > similar, I thought it might make sense to re-use this in some form; > feel free to use or tweak as you wish. I have some further notes > below. > Thanks for your text. We will consider this when we write our privacy considerations section. > > Notes: > > 1. Section 5.2 says that the typical value of the forwarded-for > parameter is an IP address but that it MAY be some other kind of > identifier. What other identifiers might it be? Are there any > identifiers that should be taken off the table (e.g., subscriber > IDs, MAC addresses, credit card numbers)? Obviously some of these > are more likely to have value than others but I think it's > important to scope this if possible. Just because a proxy may know > some persistent host identifier doesn't mean it should be forwarded > around in an HTTP header. Essentially, any token you like that fits in the obf-node. What this translates depends highly on the environment. Of course some things are more suitable than others to use as identifier. Putting a credit card number there and send it around the Internet seems stupid. I don't believe someone will do that, and if they would, the would do it regardless of this header field. > > 2. I'm wondering if, in addition to the information leak problem > discussed in 8.2, there is also an issue of distinguishability of > multiple users who are all behind the same NAT/proxy but may not > all be behind the same chain of proxies. That is, suppose A and B > are the only two hosts behind a particular NAT and A installed the > NAT to help protect his identity. B's traffic passes through 2 > further proxies that use Forwarded headers before arriving at C. > A's traffic passes through no proxies to arrive at C. C can now > effectively identify A. This is just one case -- I'm not sure how > realistic it is, but I'm sure there are others. Seems like this is > worth more thought/discussion in the text. > This sounds very confused. C can probably also distinguish A from client headers. Installing a NAT in order to protect his identity seems also very strange (with that few users). > 3. In general it seems like somewhere -- not sure if it should be > here, or in the nat-reveal draft, or somewhere else -- the > interactions between different mechanisms for IP address hiding and > sharing need to be addressed. For example, if my request goes > through multiple middleboxes that implement the TCP option for > nat-reveal > (http://tools.ietf.org/html/draft-wing-nat-reveal-option-03) and > then hits an HTTP proxy, can I expect the proxy to take my IP > address out of the TCP option and insert it into a Forwarded > header? If I want to hide my IP address from the combination of > these mechanisms, what do I need to do? > I don't think you can expect anything. The fact is that a lot of proxies are already adding X-Forwarded-For header field though. This is only a formal specification of that, with extra features. If you weren't using any proxy at all, you can't hide your address, of course. So if you use a proxy, that is not under your control, it is likely that the proxy administrator do not want to hide your real address. If he hides your address it is more likely he gets more abuse-cases etc. However, if he is aware of that, and want to provide you an anonymizing service, he can just choose not to add any Forwarded-header. So, if you do not want your address to be revealed after a proxy, make sure that you use a proxy that has the purpose of being anonymizing. You must also make sure that you trust the administrator of that proxy not to leak logs files etc in any other way. > 4. It might be helpful to take a look through > <http://tools.ietf.org/html/draft-iab-privacy-considerations-02#section-5> > -- I haven't had time to think through all the questions listed. I don't think that really apply here, since the intention is not to add information that would be unknown if no proxy were used at all. Cheers, Andreas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPtm6jAAoJEEaYRbQUWNle5SwP/A+8/d/oJc/wzkPv9hALb5Wb zkNM9h9yK8+vhBr7ydmeEC/5cnrevPnNnJqhVKbebAVDBpibvwpSzLUTvgScJe+P fQXlYj8p3rdfCFEKI70OcdijqMfca9VWjgSWrOhhErT16HsHVeGWhWYtwhXrZx1Q zsGjmyCdahzCRUlCLL2Ya9q4ZX7FnvsvD5W0+AOXj8mXj8LwV6ZjRh4+2oSDGUuC qa90vnje329xWcVRuQ6Gvy/xr6GmoN88KUfN8xb1kL9Kmcz3SUT2Za3Bcy5S5uUG QdIR4xfq36RRRc5W5TnCYiaA+d872EhZQ/vWKbiUk1D0wTkQM/IDeB0WLc/vzulb aRT7cWWTVJpRIHt1/UfKwh3gA6yahOnApC+spAzYjbrXi+Dj5M/xl9iJPtmeiHFl g87dBo42DbwKIBzgdVixJrthBuscCNREVAnzMdZd4szC8fUY1GpHZBzWBe3KEEGf SNv+vP0xWJDWIoob46L00iWsf9/1h9EjJAWqIyxxMEUF4GTRTUTl90L+o2JLvS/Q 0s5gVHl6Y3cJkIa99j+01G3st+z4ggVDStlWYnsSiloJBPb1ua+vcqwPktwygnLG gHbqubv9bvxs95rxcBZfaJbo8HMQOHXfKtHGawWRYHqRJBKy4FEe9CBG5cF2XmsU gWC9vg1ZgifHu97UouoI =tl+U -----END PGP SIGNATURE-----
- [apps-discuss] Comments on draft-ietf-appsawg-htt… SM
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Andreas Petersson
- Re: [apps-discuss] Comments on draft-ietf-appsawg… SM
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Stephen Farrell
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Andreas Petersson
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Stephen Farrell
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Andreas Petersson
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Stephen Farrell
- Re: [apps-discuss] Comments on draft-ietf-appsawg… SM
- Re: [apps-discuss] Comments on draft-ietf-appsawg… SM
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Ben Niven-Jenkins
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Alissa Cooper
- Re: [apps-discuss] Comments on draft-ietf-appsawg… SM
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Andreas Petersson
- Re: [apps-discuss] Comments on draft-ietf-appsawg… Alissa Cooper