Re: [hiaps] with respect to the BOF request.
Behcet Sarikaya <sarikaya2012@gmail.com> Thu, 12 December 2013 17:47 UTC
Return-Path: <sarikaya2012@gmail.com>
X-Original-To: hiaps@ietfa.amsl.com
Delivered-To: hiaps@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com
(Postfix) with ESMTP id CD9341ADF84 for <hiaps@ietfa.amsl.com>;
Thu, 12 Dec 2013 09:47:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No,
score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001,
SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ePU3zTQMZ-gM for
<hiaps@ietfa.amsl.com>; Thu, 12 Dec 2013 09:47:13 -0800 (PST)
Received: from mail-la0-x230.google.com (mail-la0-x230.google.com
[IPv6:2a00:1450:4010:c03::230]) by ietfa.amsl.com (Postfix) with ESMTP id
32E1B1ADE86 for <hiaps@ietf.org>; Thu, 12 Dec 2013 09:47:12 -0800 (PST)
Received: by mail-la0-f48.google.com with SMTP id n7so567119lam.21 for
<hiaps@ietf.org>; Thu, 12 Dec 2013 09:47:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:reply-to:in-reply-to:references:date:message-id
:subject:from:to:cc:content-type;
bh=2DRqo20959yV/0Invz9DWFcLbSI+9VkttUxzAXI+j9w=;
b=MGcFF0Z8441scwuGB8/QHm0EVH74bYx0LPYpLA3k/A8YAO3PtAKEnEzcobJv1C6aF5
zsk1r9vgPe8egWRvYdBTt3PNb4yQlgkBhIIjRPrwUVM7rZr46pfa3XU37VimPowJvVmi
TxgmFWXjrHEpRvcUMYJGxvxx2Cn5p87Df6/W4zJ6sbA+SVfVhPc8pKd7OBl3j1BgeBk1
Ts3SBjf6KmIVD/9m11UjIf99JdQFAQx0E7t5Qtvkoo11BEVqVpuyp3vlTb1EdnyfB5jN
qbXNqVBp7yekfO85ZwoGRrjyEIt78rsl3GMgtokP3vq8AnDScKVwCxylF/wEGw6I4ei/ XlCA==
MIME-Version: 1.0
X-Received: by 10.152.1.5 with SMTP id 5mr4543048lai.20.1386870425117;
Thu, 12 Dec 2013 09:47:05 -0800 (PST)
Received: by 10.115.4.165 with HTTP; Thu, 12 Dec 2013 09:47:05 -0800 (PST)
In-Reply-To: <52A9F4EB.2020103@bogus.com>
References: <52A97466.2060901@bogus.com>
<CAC8QAceGL2MS3m-CU3FBxP2cf4Gu4JvtkaJ05JjJGxYmtinTMA@mail.gmail.com>
<52A9F4EB.2020103@bogus.com>
Date: Thu, 12 Dec 2013 11:47:05 -0600
Message-ID: <CAC8QAccKCx+6HnMm6gQ8Cx2utva5=JupZuD2zQLT-jWE23Gd_w@mail.gmail.com>
From: Behcet Sarikaya <sarikaya2012@gmail.com>
To: joel jaeggli <joelja@bogus.com>
Content-Type: multipart/alternative; boundary=089e013c664409e6c404ed59efc0
Cc: hiaps@ietf.org
Subject: Re: [hiaps] with respect to the BOF request.
X-BeenThere: hiaps@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: sarikaya@ieee.org
List-Id: "Host Identification,
Address and Prefix Sharing in Wi-Fi Access \(hiaps\)" <hiaps.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hiaps>,
<mailto:hiaps-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hiaps/>
List-Post: <mailto:hiaps@ietf.org>
List-Help: <mailto:hiaps-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hiaps>,
<mailto:hiaps-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Dec 2013 17:47:16 -0000
On Thu, Dec 12, 2013 at 11:39 AM, joel jaeggli <joelja@bogus.com> wrote: > On 12/12/13, 9:19 AM, Behcet Sarikaya wrote: > > Hi Joel, > > > > Thanks for your comments. > > My views inline. > > Med can say more... > > > > > > On Thu, Dec 12, 2013 at 2:31 AM, joel jaeggli <joelja@bogus.com> wrote: > > > >>> Description: Host identification is required in IPv4 when the hosts are > >> behind a NAT box or > >>> when the communication is tunneled such as using IPSec. Host > >> identification is also > >>> required in IPv6 when the hosts are assigned addresses from a shared > >> prefix. In most of > >>> these scenarios, the hosts access the network using Wireless Local Area > >> Networks, aka > >>> Wi-Fi access. In case the hosts are behind a NAT box, there is a strong > >> need for the host > >>> identification when the host is accessing a fixed network and trying to > >> place an emergency >call. > >> > >> It is likely given current events, that persistent identifiers visible > >> to on-path observers are going to be viewed by the IETF community in > >> general in an extraordinarily negative light. in particular in the IPv6 > >> context I would think it antithetical to the goals of regular rotation > >> of temporary/privacy or cryptographically generated addresses to retain > >> host identity bindings that are visible outside a limited scope e.g. an > >> l2 domain and which persist across host address changes. > >> > >> I understand there are privacy concerns. > > But in our case, we justify it strongly on a case-by-case basis. > > > > In our IPv6 case, host identifier is IPv6 address and it needs to be > > revealed to the edge router. We don't see any privacy issue here because > > the edge router will know IPv6 address of the communicating hosts anyway. > > > > In our IPv4 case, the situation is that the host is in the process of > > making an emergency call. The call server to which the host identity will > > be revealed has to find the position of the host in order to serve the > > host. > > Again we don't see the same effects of revealing the host identity to > any > > server in this case. It is emergency call situation. > > Oddly I don't agree. being an emergency does not absolve us of dealing > with the question of visibility on path. > > Of course, this brings the security of the protocols used in the solutions issue, right? We need to work on that. I believe the protocols can be made secure. > > Having said the above two, I think we need to of course clarify these > > issues in the drafts as much as possible. > > > > In case of IPv4 we have many other cases, e.g. CGA and the concerns you > > mentioned could be valid to some extent, I believe those are somewhat > > clarified in Med's RFCs, Med can chip in here to say more. > > > > In terms of employing them for roaming, the question of how would they > >> be generated and where who they be stored becomes germain. What > >> semantics are they actually carrying and the question of persistence > >> further raises the stakes with respect to revalation to remote > observers. > >> > >> > >> I think it was clarified during email discussions on the list that there > > is no roaming case per se in hiaps, we do not have any case that > requires a > > persistent host identity during roaming. Of course we consider mobile > hosts > > but the identity will be different in each place. > > yeah that's not what I took away from the dicussion. > > I hope it is clarified now? > > > > > >> _______________________________________________ > >> hiaps mailing list > >> hiaps@ietf.org > >> https://www.ietf.org/mailman/listinfo/hiaps > >> > >> > > > > >
- [hiaps] with respect to the BOF request. joel jaeggli
- Re: [hiaps] with respect to the BOF request. Behcet Sarikaya
- Re: [hiaps] with respect to the BOF request. joel jaeggli
- Re: [hiaps] with respect to the BOF request. Behcet Sarikaya
- Re: [hiaps] with respect to the BOF request. Dirk.von-Hugo