IETF Logo Mail Archive

Re: [hiaps] some discussion in the press...

<Dirk.von-Hugo@telekom.de> Tue, 04 November 2014 14:18 UTC

Return-Path: <Dirk.von-Hugo@telekom.de>
X-Original-To: hiaps@ietfa.amsl.com
Delivered-To: hiaps@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 515111A6F0E for <hiaps@ietfa.amsl.com>; Tue, 4 Nov 2014 06:18:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.444
X-Spam-Level:
X-Spam-Status: No, score=-4.444 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.594] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 596VsnhMC6S1 for <hiaps@ietfa.amsl.com>; Tue, 4 Nov 2014 06:17:58 -0800 (PST)
Received: from tcmail13.telekom.de (tcmail13.telekom.de [80.149.113.165]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE82F1A8780 for <hiaps@ietf.org>; Tue, 4 Nov 2014 06:17:57 -0800 (PST)
Received: from qdezc2.de.t-internal.com ([10.125.181.10]) by tcmail11.telekom.de with ESMTP; 04 Nov 2014 15:17:55 +0100
X-IronPort-AV: E=Sophos;i="5.07,313,1413237600"; d="scan'208";a="160877618"
Received: from he113445.emea1.cds.t-internal.com ([10.134.93.105]) by qde0ps.de.t-internal.com with ESMTP/TLS/AES128-SHA; 04 Nov 2014 15:17:54 +0100
Received: from HE113484.emea1.cds.t-internal.com ([10.134.93.124]) by HE113445.emea1.cds.t-internal.com ([::1]) with mapi; Tue, 4 Nov 2014 15:17:54 +0100
From: Dirk.von-Hugo@telekom.de
To: sarikaya@ieee.org, joelja@bogus.com
Date: Tue, 04 Nov 2014 15:17:53 +0100
Thread-Topic: [hiaps] some discussion in the press...
Thread-Index: Ac/3e0WwT+BSadtyRzmAZNiQMnltSwAut09A
Message-ID: <05C81A773E48DD49B181B04BA21A342A2E5EA932D9@HE113484.emea1.cds.t-internal.com>
References: <545067B6.4020704@bogus.com> <5450F1B2.9070604@akamai.com> <787AE7BB302AE849A7480A190F8B93301C0A81@OPEXCLILM23.corporate.adroot.infra.ftgroup> <545100BE.7090604@bogus.com> <CAC8QAceeBhT1sqLJcyWFuStqjz+vD0UBzqazE7O1s-z+6UwPww@mail.gmail.com> <54515DDA.3060500@bogus.com> <CAC8QAcc92J9_VCtLsLme-gvOGA4nJgWWm0Q9P-vJ-beTeQqNjA@mail.gmail.com> <787AE7BB302AE849A7480A190F8B93301C37D5@OPEXCLILM23.corporate.adroot.infra.ftgroup> <5456954C.7010306@bogus.com> <CAC8QAccJ2D-1tkWzUSYBVxpZ+x7=HFvFFdGwJUznBZ2ohVSJsQ@mail.gmail.com>
In-Reply-To: <CAC8QAccJ2D-1tkWzUSYBVxpZ+x7=HFvFFdGwJUznBZ2ohVSJsQ@mail.gmail.com>
Accept-Language: de-DE
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: de-DE
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/hiaps/cmSUTZNGkN-rkwlPZmXZVWW43cw
Cc: hiaps@ietf.org, mohamed.boucadair@orange.com, brandon.williams@akamai.com
Subject: Re: [hiaps] some discussion in the press...
X-BeenThere: hiaps@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Host Identification, Address and Prefix Sharing in Wi-Fi Access \(hiaps\)" <hiaps.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hiaps>, <mailto:hiaps-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hiaps/>
List-Post: <mailto:hiaps@ietf.org>
List-Help: <mailto:hiaps-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hiaps>, <mailto:hiaps-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Nov 2014 14:18:01 -0000

Dear all,
Regarding the potential differently interpretable postings on this list IMHO the job of the ML should be to enable discussion on issues with new and existing identities (which might also include service or session IDs beside host IDs IMO).
 
Main aspects are of course usefulness in enabling (new) services and improving service performance via (new) networks - but a topic of adequate importance is how to prevent their mis-use in terms of increased security threats, attack probability and frequency, decreased privacy and so on - as is subject of the links within the original thread.

Personally I think that with increased heterogeneity of networks, devices, services, application scenarios etc. the demand for differentiation (and therefore potential new flags, options, identities etc.) will grow to grant fulfilment of (user and operator) expectations towards next generation communication (also dubbed as beyond 4G). 

Therefore we should keep on discussing identity issues - e.g. here ... ;-)

Whether this would result in a call for a new/revived BoF seems to me to be another question to be raised only after the well-known criteria are fulfilled (see e.g. rfc5434) and we should not have such a pressure for the current discussions ... 

just my 2 Cents - if you disagree please speak up 

Thanks!
Best regards
Dirk

-----Original Message-----
From: hiaps [mailto:hiaps-bounces@ietf.org] On Behalf Of Behcet Sarikaya
Sent: Montag, 3. November 2014 16:32
To: joel jaeggli
Cc: hiaps@ietf.org; Mohamed Boucadair; Brandon Williams
Subject: Re: [hiaps] some discussion in the press...

On Sun, Nov 2, 2014 at 2:34 PM, joel jaeggli <joelja@bogus.com> wrote:
> On 10/31/14 9:03 AM, mohamed.boucadair@orange.com wrote:
>> Hi Behcet,
>>
>> I'm still supportive of this work and actually I'd like to see some 
>> concrete progress. Saying that, I'm not sure Joel is asking for 
>> another BoF but perhaps I'm wrong here.
>
> I'm not.  somebody should reread the thread if they believe that.

Understood.

The point is hiaps list has been around for some time. I think that Joel was indicating that maybe it should be decided whether to close this list or to continue the discussions. If the latter is chosen, that is something that would lead to going to another BoF, or whatever is decided as the next step.

Joel, is this correct?

We need to clarify this as a number of people may jump in as a result.

Regards,

Behcet


>
>> Just like the "panic" with pervasive monitoring, there are several 
>> mailing lists that are alarmed with injection of the identifiers.
>> These practices are not new but these are "panic" cycles... The side 
>> effect of it is that these alarming news can pollute the HOST_ID work 
>> despite the fact that we are not asking for unique/stable identifiers 
>> nor asking to leak/reveal any customer ID, profile ID, etc.
>>
>> BTW, there IETF documents that already documents some practices of 
>> injecting identifiers, see for instance:
>> http://tools.ietf.org/html/draft-ietf-sfc-use-case-mobility-01#sectio
>> n-3.3 that is more close to what Joel shared in this list.
>>
>> Cheers, Med
>>
>> -----Message d'origine----- De : Behcet Sarikaya 
>> [mailto:sarikaya2012@gmail.com] Envoyé : jeudi 30 octobre 2014 20:04 
>> À : joel jaeggli Cc : hiaps@ietf.org; BOUCADAIR Mohamed IMT/OLN; 
>> Brandon Williams Objet : Re: [hiaps] some discussion in the press...
>>
>> Hi Med, Brandon,
>>
>> Last time Med was on paternity leave and he could help. Brandon found 
>> out about hiaps late.
>>
>> Now, it is time for you two to say something regarding
>>
>>> a bof proposal that addresses the scope and privacy/pervasive 
>>> monitoring concerns and which has a critical mass of effort behind 
>>> it might certainly be worthy of consideration as bof.
>>
>>
>> Regards,
>>
>> Behcet On Wed, Oct 29, 2014 at 4:36 PM, joel jaeggli 
>> <joelja@bogus.com> wrote:
>>> On 10/29/14 9:51 AM, Behcet Sarikaya wrote:
>>>> Hi Joel,
>>>>
>>>> On Wed, Oct 29, 2014 at 9:59 AM, joel jaeggli <joelja@bogus.com>
>>>> wrote:
>>>>> On 10/29/14 7:10 AM, mohamed.boucadair@orange.com wrote:
>>>>>> Hi Brian,
>>>>>>
>>>>>> I echo your comment.
>>>>>>
>>>>>> None of the proposals inventoried in the HOST_ID effort is trying 
>>>>>> to do the same thing as X-UIDH header. Moreover, none of these 
>>>>>> proposals is endorsing the following headers (but not limited to) 
>>>>>> nor aims at revealing a customer ID, account ID, profile ID, 
>>>>>> etc.:
>>>>>>
>>>>>> HTTP_MSISDN, HTTP_X_MSISDN, HTTP_X_UP_CALLING_LINE_ID, 
>>>>>> HTTP_X_NOKIA_MSISDN, HTTP_X_HTS_CLID, HTTP_X_MSP_CLID, 
>>>>>> HTTP_X_NX_CLID, HTTP__RAPMIN, HTTP_X_WAP_MSISDN, HTTP_COOKIE, 
>>>>>> HTTP_X_UP_LSID, HTTP_X_H3G_MSISDN, HTTP_X_JINNY_CID, 
>>>>>> HTTP_X_NETWORK_INFO, ...
>>>>>>
>>>>>> Cheers, Med
>>>>>>
>>>>>> -----Message d'origine----- De : hiaps 
>>>>>> [mailto:hiaps-bounces@ietf.org] De la part de Brandon Williams 
>>>>>> Envoyé : mercredi 29 octobre 2014 14:55 À : joel jaeggli; 
>>>>>> hiaps@ietf.org Objet : Re: [hiaps] some discussion in the 
>>>>>> press...
>>>>>>
>>>>>> Agreed. Inserting a publicly visible user identifier is a bad 
>>>>>> idea. That's why all the proposals that have come from people on 
>>>>>> the hiaps list (to the best of my knowledge) have focused on 
>>>>>> relaying _host_ identifiers that are already publicly visible 
>>>>>> (generally the public IP address) through to the other side of 
>>>>>> middleboxes that are hiding such publicly visible identifiers. If 
>>>>>> there are proposals out there that violate this principle, I 
>>>>>> agree entirely that they should be abandoned.
>>>>>
>>>>> imho one of the assumptions I see in the work is that the host 
>>>>> identifier being relayed was previosuly not publicly visible, 
>>>>> hence the need for hostid injection.  That applies to nat 
>>>>> translation for example it also  applies to differentating between 
>>>>> prefix sharing UE's in IPV6 by something other than source 
>>>>> address.
>>>>>
>>>>> http://tools.ietf.org/html/draft-boucadair-intarea-host-identifier
>>>>> -scenarios-07
>>>>>
>>>>>
> http://tools.ietf.org/html/rfc6269
>>>>>
>>>>> that's part of the reason for hiaps bof proposal to consider the 
>>>>> problem of securing such an identifier from differentiation by 
>>>>> surveillance.
>>>>
>>>> Absolutely.
>>>>
>>>> Should we revive the bof effort?
>>>
>>> you didn't hear me say that. I think you know where we left it.
>>>
>>> From my vantage point a bof proposal that addresses the scope and 
>>> privacy/pervasive monitoring concerns and which has a critical mass 
>>> of effort behind it might certainly be worthy of consideration as 
>>> bof.
>>>
>>>> I think that doing the standardization related to hosted in hiaps 
>>>> rather than intarea is the right way to go for IETF.
>>>
>>> We created this mailing list to have a place to discuss host 
>>> identification, we can use it for that or we can get rid of it.
>>>
>>>> Behcet
>>>>>
>>>>>> --Brandon
>>>>>>
>>>>>> On 10/29/2014 12:06 AM, joel jaeggli wrote:
>>>>>>> this is pretty much exactly what I would have expected from 
>>>>>>> injection on the wire of an identity token...
>>>>>>>
>>>>>>> http://webpolicy.org/2014/10/24/how-verizons-advertising-header-
>>>>>>> works/
>>>>>>>
>>>>>>>
>>>>>>>
> http://www.wired.com/2014/10/verizons-perma-cookie/
>>>>>>>
>>>>>>> http://www.forbes.com/sites/kashmirhill/2014/10/28/att-says-its-
>>>>>>> testing-unkillable-tracker-on-customers-smartphones/
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>>
> _______________________________________________
>>>>> hiaps mailing list hiaps@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/hiaps
>>>>>
>>>>
>>>> _______________________________________________ hiaps mailing list 
>>>> hiaps@ietf.org https://www.ietf.org/mailman/listinfo/hiaps
>>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________ hiaps mailing list 
>>> hiaps@ietf.org https://www.ietf.org/mailman/listinfo/hiaps
>
>
>
>

_______________________________________________
hiaps mailing list
hiaps@ietf.org
https://www.ietf.org/mailman/listinfo/hiaps

v2.23.0 | Report a Bug | By Email