Re: [babel] Secdir last call review of draft-ietf-babel-rtt-extension-04

Shivan Kaul Sahib <shivankaulsahib@gmail.com> Wed, 11 October 2023 23:01 UTC

From: Shivan Kaul Sahib <shivankaulsahib@gmail.com>
Date: Wed, 11 Oct 2023 16:00:42 -0700
Message-ID: <CAG3f7MhdTLs6LAbYMLDXdF9H5gE7fgv9xi66Su9cVT=q_p1jzg@mail.gmail.com>
To: Juliusz Chroboczek <jch@irif.fr>
Cc: David Schinazi <dschinazi.ietf@gmail.com>, secdir@ietf.org, babel@ietf.org, draft-ietf-babel-rtt-extension.all@ietf.org, last-call@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/im_vY86FdkZhS3JLzqfrNmaYqao>

On Tue, 10 Oct 2023 at 13:57, Juliusz Chroboczek <jch@irif.fr> wrote:

> > I'll also note that routing protocol nodes are often border routers that have
> > privacy properties more similar to a web server than to a web client.
>
> Uh-huh.  I could be wrong, but I think that Shivan is merely requesting
> that we should mention the issue somewhere.  Which I agree with.
>

I might be missing something, but the introduction of this document says
that one of the motivating factors is that VPNs and tunnels can mess up
routing and RTT calculation helps with that. Are we not talking about
end-users' VPNs?


>
> > A good solution here would be to add a note that clarifies this and
> > warns against deploying Babel RTT unencrypted on devices whose network
> > location is privacy-sensitive.
>
> I'm not sure if encrypting the Babel control traffic solves the problem.
> Even if the data is encrypted, it is still communicated to the other Babel
> nodes in the network, who might or might not be trusted to learn your
> location.
>

Yeah I don't think encryption helps with the privacy problem here.

>
> Claiming that encryption solves the problem would be a little bit like
> insisting that all HTTP traffic be encrypted while at the same time
> providing a mobile OS that shares your private data with Google.
>
> (Cheap shot, I know.)
>
> -- Juliusz
>