IETF Logo Mail Archive

Re: [hiaps] some discussion in the press...

joel jaeggli <joelja@bogus.com> Wed, 29 October 2014 15:00 UTC

Return-Path: <joelja@bogus.com>
X-Original-To: hiaps@ietfa.amsl.com
Delivered-To: hiaps@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8273F1A00F9 for <hiaps@ietfa.amsl.com>; Wed, 29 Oct 2014 08:00:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KzyndsJ6xIho for <hiaps@ietfa.amsl.com>; Wed, 29 Oct 2014 07:59:56 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FD951A0191 for <hiaps@ietf.org>; Wed, 29 Oct 2014 07:59:56 -0700 (PDT)
Received: from [192.168.43.134] ([172.56.39.54]) (authenticated bits=0) by nagasaki.bogus.com (8.14.9/8.14.9) with ESMTP id s9TExGXP092275 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 29 Oct 2014 14:59:37 GMT (envelope-from joelja@bogus.com)
Message-ID: <545100BE.7090604@bogus.com>
Date: Wed, 29 Oct 2014 07:59:10 -0700
From: joel jaeggli <joelja@bogus.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:33.0) Gecko/20100101 Thunderbird/33.0
MIME-Version: 1.0
To: mohamed.boucadair@orange.com, Brandon Williams <brandon.williams@akamai.com>, "hiaps@ietf.org" <hiaps@ietf.org>
References: <545067B6.4020704@bogus.com> <5450F1B2.9070604@akamai.com> <787AE7BB302AE849A7480A190F8B93301C0A81@OPEXCLILM23.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93301C0A81@OPEXCLILM23.corporate.adroot.infra.ftgroup>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="eDvjrAInCaU37ws6ekpI4A1vD8bQLBIih"
Archived-At: http://mailarchive.ietf.org/arch/msg/hiaps/JaHvxlEHsgrUkn8UMaDOihXR0jc
Subject: Re: [hiaps] some discussion in the press...
X-BeenThere: hiaps@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Host Identification, Address and Prefix Sharing in Wi-Fi Access \(hiaps\)" <hiaps.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hiaps>, <mailto:hiaps-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hiaps/>
List-Post: <mailto:hiaps@ietf.org>
List-Help: <mailto:hiaps-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hiaps>, <mailto:hiaps-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Oct 2014 15:00:03 -0000

On 10/29/14 7:10 AM, mohamed.boucadair@orange.com wrote:
> Hi Brian,
> 
> I echo your comment. 
> 
> None of the proposals inventoried in the HOST_ID effort is trying to do the same thing as X-UIDH header. Moreover, none of these proposals is endorsing the following headers (but not limited to) nor aims at revealing a customer ID, account ID, profile ID, etc.: 
> 
> HTTP_MSISDN, HTTP_X_MSISDN, HTTP_X_UP_CALLING_LINE_ID,
> HTTP_X_NOKIA_MSISDN, HTTP_X_HTS_CLID, HTTP_X_MSP_CLID,
> HTTP_X_NX_CLID, HTTP__RAPMIN, HTTP_X_WAP_MSISDN,
> HTTP_COOKIE, HTTP_X_UP_LSID, HTTP_X_H3G_MSISDN,
> HTTP_X_JINNY_CID, HTTP_X_NETWORK_INFO, ...
> 
> Cheers,
> Med
> 
> -----Message d'origine-----
> De : hiaps [mailto:hiaps-bounces@ietf.org] De la part de Brandon Williams
> Envoyé : mercredi 29 octobre 2014 14:55
> À : joel jaeggli; hiaps@ietf.org
> Objet : Re: [hiaps] some discussion in the press...
> 
> Agreed. Inserting a publicly visible user identifier is a bad idea. 
> That's why all the proposals that have come from people on the hiaps 
> list (to the best of my knowledge) have focused on relaying _host_ 
> identifiers that are already publicly visible (generally the public IP 
> address) through to the other side of middleboxes that are hiding such 
> publicly visible identifiers. If there are proposals out there that 
> violate this principle, I agree entirely that they should be abandoned.

imho one of the assumptions I see in the work is that the host
identifier being relayed was previosuly not publicly visible, hence the
need for hostid injection.  That applies to nat translation for example
it also  applies to differentating between prefix sharing UE's in IPV6
by something other than source address.

http://tools.ietf.org/html/draft-boucadair-intarea-host-identifier-scenarios-07
http://tools.ietf.org/html/rfc6269

that's part of the reason for hiaps bof proposal to consider the problem
of securing such an identifier from differentiation by surveillance.

> --Brandon
> 
> On 10/29/2014 12:06 AM, joel jaeggli wrote:
>> this is pretty much exactly what I would have expected from injection on
>> the wire of an identity token...
>>
>> http://webpolicy.org/2014/10/24/how-verizons-advertising-header-works/
>>
>> http://www.wired.com/2014/10/verizons-perma-cookie/
>>
>> http://www.forbes.com/sites/kashmirhill/2014/10/28/att-says-its-testing-unkillable-tracker-on-customers-smartphones/
>>
>

v2.23.0 | Report a Bug | By Email