IETF Logo Mail Archive

Re: [hiaps] with respect to the BOF request.

joel jaeggli <joelja@bogus.com> Thu, 12 December 2013 17:40 UTC

Return-Path: <joelja@bogus.com>
X-Original-To: hiaps@ietfa.amsl.com
Delivered-To: hiaps@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93C401ADFA8 for <hiaps@ietfa.amsl.com>; Thu, 12 Dec 2013 09:40:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QQlJx1c-Bk0Y for <hiaps@ietfa.amsl.com>; Thu, 12 Dec 2013 09:40:09 -0800 (PST)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by ietfa.amsl.com (Postfix) with ESMTP id 7E2B91ADF12 for <hiaps@ietf.org>; Thu, 12 Dec 2013 09:40:09 -0800 (PST)
Received: from mb-aye.local (c-50-174-18-221.hsd1.ca.comcast.net [50.174.18.221]) (authenticated bits=0) by nagasaki.bogus.com (8.14.7/8.14.7) with ESMTP id rBCHe0Wl010370 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NOT); Thu, 12 Dec 2013 17:40:01 GMT (envelope-from joelja@bogus.com)
Message-ID: <52A9F4EB.2020103@bogus.com>
Date: Thu, 12 Dec 2013 09:39:55 -0800
From: joel jaeggli <joelja@bogus.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Thunderbird/26.0
MIME-Version: 1.0
To: sarikaya@ieee.org
References: <52A97466.2060901@bogus.com> <CAC8QAceGL2MS3m-CU3FBxP2cf4Gu4JvtkaJ05JjJGxYmtinTMA@mail.gmail.com>
In-Reply-To: <CAC8QAceGL2MS3m-CU3FBxP2cf4Gu4JvtkaJ05JjJGxYmtinTMA@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="wx0bGHtAbbheRnfRebX53jQwRVkVrJGRC"
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3 (nagasaki.bogus.com [147.28.0.81]); Thu, 12 Dec 2013 17:40:01 +0000 (UTC)
Cc: hiaps@ietf.org
Subject: Re: [hiaps] with respect to the BOF request.
X-BeenThere: hiaps@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Host Identification, Address and Prefix Sharing in Wi-Fi Access \(hiaps\)" <hiaps.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hiaps>, <mailto:hiaps-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hiaps/>
List-Post: <mailto:hiaps@ietf.org>
List-Help: <mailto:hiaps-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hiaps>, <mailto:hiaps-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Dec 2013 17:40:11 -0000

On 12/12/13, 9:19 AM, Behcet Sarikaya wrote:
> Hi Joel,
> 
> Thanks for your comments.
> My views inline.
> Med can say more...
> 
> 
> On Thu, Dec 12, 2013 at 2:31 AM, joel jaeggli <joelja@bogus.com> wrote:
> 
>>> Description: Host identification is required in IPv4 when the hosts are
>> behind a NAT box or
>>> when the communication is tunneled such as using IPSec. Host
>> identification is also
>>> required in IPv6 when the hosts are assigned addresses from a shared
>> prefix. In most of
>>> these scenarios, the hosts access the network using Wireless Local Area
>> Networks, aka
>>> Wi-Fi access. In case the hosts are behind a NAT box, there is a strong
>> need for the host
>>> identification when the host is accessing a fixed network and trying to
>> place an emergency >call.
>>
>> It is likely given current events, that persistent identifiers visible
>> to on-path observers are going to be viewed by the IETF community in
>> general in an extraordinarily negative light. in particular in the IPv6
>> context I would think it antithetical to the goals of regular rotation
>> of temporary/privacy or cryptographically generated addresses to retain
>> host identity bindings that are visible outside a limited scope e.g. an
>> l2 domain and which persist across host address changes.
>>
>> I understand there are privacy concerns.
> But in our case, we justify it strongly on a case-by-case basis.
> 
> In our IPv6 case, host identifier is IPv6 address and it needs to be
> revealed to the edge router. We don't see any privacy issue here because
> the edge router will know IPv6 address of the communicating hosts anyway.
> 
> In our IPv4 case, the situation is that the host is in the process of
> making an emergency call. The call server to which the host identity will
> be revealed has to find the position of the host in order to serve the
> host.
> Again we don't see the same effects of revealing the host identity  to any
> server in this case. It is emergency call situation.

Oddly I don't agree. being an emergency does not absolve us of dealing
with the question of visibility on path.

> Having said the above two, I think we need to of course clarify these
> issues in the drafts as much as possible.
> 
> In case of IPv4 we have many other cases, e.g. CGA and the concerns you
> mentioned could be valid to some extent, I believe those are somewhat
> clarified in Med's RFCs, Med can chip in here to say more.


> In terms of employing them for roaming, the question of how would they
>> be generated and where who they be stored becomes germain. What
>> semantics are they actually carrying and the question of persistence
>> further raises the  stakes with respect to revalation to remote observers.
>>
>>
>> I think it was clarified during email discussions on the list that there
> is no roaming case per se in hiaps, we do not have any case that requires a
> persistent host identity during roaming. Of course we consider mobile hosts
> but the identity will be different in each place.

yeah that's not what I took away from the dicussion.

> 
> 
>> _______________________________________________
>> hiaps mailing list
>> hiaps@ietf.org
>> https://www.ietf.org/mailman/listinfo/hiaps
>>
>>
>

v2.8.7 | Report a Bug | By Email