Re: [Ideas] [lisp] WG Review: IDentity Enabled Networks (ideas)

Dino Farinacci <farinacci@gmail.com> Wed, 11 October 2017 19:51 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A29B132351; Wed, 11 Oct 2017 12:51:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nHBsRq31QtD0; Wed, 11 Oct 2017 12:51:40 -0700 (PDT)
Received: from mail-pf0-x244.google.com (mail-pf0-x244.google.com [IPv6:2607:f8b0:400e:c00::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3BF313307B; Wed, 11 Oct 2017 12:51:40 -0700 (PDT)
Received: by mail-pf0-x244.google.com with SMTP id n73so1816509pfg.10; Wed, 11 Oct 2017 12:51:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=vC/Ez/TBsoaazVU+xkU2Ny7qXJ4UoUPDVj6TsAZcxVg=; b=isX7G69A/5zhcEjyFKrrCw65sVgqht7R7wOgx+JLigtbrBIs5/l0JSsOLZEYY5esKn pMD2h/jg/NHLp1QXYiKyAxDEwiWb11WrqqRrB2rel12tnP+ikyg2rY5xzcBS8CDk7Bav Qd1mDdRFuTyT6AUv4rUj18aXtqXtiphLQNC1px9ZPFb7iSoVAYjv+PO4bwvPYllWZh4E vOszwjNeQ+tnomr7ErlUHYvYQrILA1mynnQ6CH9CylkgW4uExT2rb9NjRll1ZInW9Tcq UiQRoBkfxAoYYTFjAu9ylheo3mkHCBG3qttLHzFTZp0oKIbBcVci1yFECTkw/XTD61Km j7cw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=vC/Ez/TBsoaazVU+xkU2Ny7qXJ4UoUPDVj6TsAZcxVg=; b=OSQKyf2G+SS6NXtNEqRxxjHY8HrX7FZSPX0X6XfIopgCFgjVRZ3l7DZXosqfY3eFR+ 5WiuZxr0d4miLXLtAIYgRsOUDEIUqCqleoNUC1kmZamw2DFxPOcYUJwejM0py0Edl/DT 3EkPvbGuiurC9qUmbLzzd6J3VCjPz5Hp5DqgWaZ2Z3+B9CUKP7/yRrK86b2xQcFoHpLi YfPRazDuqMQOBRul6W+KygVk2p9kUceSII53BHEJrvBbyl8tLL7OdpB8TX7qeJogxw+T ewxsa/MGRK9orMLSPd0ip18bYLFKjwU7IMZzwxcOQN5ExosyQ6AU2MUjSttcfoBqnrh+ ENxg==
X-Gm-Message-State: AMCzsaVQ7V/5S/WzUTUNMqa2sLJqPiTPJ2BMJuhp0sKn2qDBTmWouQUt 9hcwYf7214BgtPIcw2htocc=
X-Google-Smtp-Source: AOwi7QBhyPfODimblgpsPa0jUozgGVUYfrVMcByCXpTmePIpmjLC6eXnn0o45ZSPE1pnln34A+1NXw==
X-Received: by 10.98.24.20 with SMTP id 20mr105918pfy.71.1507751500277; Wed, 11 Oct 2017 12:51:40 -0700 (PDT)
Received: from [10.197.31.157] (173-11-119-245-SFBA.hfc.comcastbusiness.net. [173.11.119.245]) by smtp.gmail.com with ESMTPSA id r77sm17440000pfk.93.2017.10.11.12.51.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 11 Oct 2017 12:51:39 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <CABcZeBPngxTYDHA0T_eeexUyd=yKObADgKz75SNjbWNVoWLfdQ@mail.gmail.com>
Date: Wed, 11 Oct 2017 12:51:38 -0700
Cc: Christian Huitema <huitema@huitema.net>, "ietf@ietf.org" <ietf@ietf.org>, "ideas@ietf.org" <ideas@ietf.org>, "lisp@ietf.org list" <lisp@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <C570D442-1D74-42FD-8DB6-1B548A96162E@gmail.com>
References: <150670160872.14128.2758037992338326085.idtracker@ietfa.amsl.com> <778d5504-ba4f-d418-7b20-356353bb0fb2@cs.tcd.ie> <CAMm+Lwg61PGrcmu=-e8ciD6Q+XmEaWWDys4g2M657VOjWmaGcg@mail.gmail.com> <CALx6S370-TuoUicWep5vV2NjLPS4d-HP1qVxW_nGrxhBLw6Eug@mail.gmail.com> <8kd5pq.oxb4pv.rtlo8t-qmf@mercury.scss.tcd.ie> <644DA50AFA8C314EA9BDDAC83BD38A2E0EAA7204@sjceml521-mbx.china.huawei.com> <dd2c3bd5-dd37-109b-2e81-0327db4daa09@cs.tcd.ie> <0BA14206-DC82-49EF-A625-B2425FA396F6@gmail.com> <1f254140-1340-6c7d-9c73-e7137562c685@gmail.com> <fa644cc2-161f-8884-3445-2b50d2c2ad23@htt-consult.com> <cf2ca920-f2d2-b65e-05eb-ebe3c30b76d1@huitema.net> <CAG-CQxrdS9L+2+bN=1NcPGuztn4U4OwSWUiNaVcS9Bsm2mtpfA@mail.gmail.com> <b18459d1-7ce1-b83d-787d-9066267d584b@huitema.net> <17BE9E1D-120B-4508-B765-3799134FD708@gmail.com> <CABcZeBPngxTYDHA0T_eeexUyd=yKObADgKz75SNjbWNVoWLfdQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/Ci-Q1Sso3FUjexptjQX0UfLEQRY>
Subject: Re: [Ideas] [lisp] WG Review: IDentity Enabled Networks (ideas)
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Oct 2017 19:51:47 -0000

> On Wed, Oct 11, 2017 at 12:39 PM, Dino Farinacci <farinacci@gmail.com> wrote:
> Let me ask for your opinion Christian (or anyone else for that matter). If a device is assigned a private/public key-pair and the identifier for the device is a hash of the public-key, is the identifier private?
> 
> 
> I can't answer this in isolation. Does the identifier show up on the wire? If so, then totally.

When the payload is encrypted, it does not. So let me ask you these follow-up questions:

(1) If a host sources a packet with its identifier in one VM and an encapsulator in another VM (in the same physical system) encapsulates the packet but encrypts the payload before encapsulation, has the identifier remain private?

(2) If in (1), the packet is decapsulated by an intermmediate point, and then reencapsulated but the packet is encrypted with a new session key (from a new ECDH exchange) to the destination, has the identifier remained private?

Dino

> 
> -Ekr
> 
> 
> Is the identifier trackable even when its network location is not generally known, not advertised publicly, and possibly changing frequently?
> 
> Dino
> 
> > On Oct 11, 2017, at 12:34 PM, Christian Huitema <huitema@huitema.net> wrote:
> >
> > On 10/11/2017 10:32 AM, Padma Pillay-Esnault wrote:
> >> but you do not need a reference to a permanent identity for that -- systems similar to CGA would work just fine.
> >>
> >>
> >> The identity of the device is just adding a lever of identifier which effectively allows authentication to modify the identifiers used by that device but also what the users of these identifiers can look up. If we had used "user of identifier" it would have been misconstrued for humans. So damn if you do and damn if you don't ...
> >>
> >> We are open for discussions anytime.
> >>
> >
> > Some thing you should be hearing is that "long term identity of device" has almost the same privacy properties as "long term identity of the device's owner". You may think that identifying a random piece of hardware is no big deal, but it turns out that the network activity and network locations of that piece of hardware can be associated to those of its human owner. So you need the same kind of protection for these device identifiers as for human identifiers.
> > --
> > Christian Huitema
> >
> 
>