Re: [Ideas] [lisp] WG Review: IDentity Enabled Networks (ideas)

Tom Herbert <tom@herbertland.com> Thu, 02 November 2017 15:30 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/TfLS1akLZHF4sH490QMTW0O-FxE>

On Wed, Nov 1, 2017 at 10:21 AM, Toerless Eckert <tte@cs.fau.de> wrote:
> On Wed, Oct 11, 2017 at 12:34:19PM -0700, Christian Huitema wrote:
>> Something you should be hearing is that "long term identity of device"
>> has almost the same privacy properties as "long term identity of the
>> device's owner". You may think that identifying a random piece of
>> hardware is no big deal, but it turns out that the network activity and
>> network locations of that piece of hardware can be associated to those
>> of its human owner. So you need the same kind of protection for these
>> device identifiers as for human identifiers.
>
> Sure, but I don't think it can be generalized:
>
> There will be more and more non-individually owned nodes in public and
> corporate infrastructures where requirements will be quite different
> from those derived from individual human privacy.
>
Toerless,

That may be true, but personal devices, such as smart phones and cars
that are associated with individuals, are hardly going away anytime
soon. How addresses are assigned to these devices has a material
impact on individual privacy. Even right now there are two long
threads on v6ops that are delving precisely into privacy of
IPv6 addresses that may be relevant. This includes discussion about
CGNAT and efforts by some governments to illegalize it because the
privacy it gives is too strong for law enforcement.

> If, let's say, those long term identifiers do not provide good human
> privacy protection but good communications security properties and
> managed transparency for regulators, then they could still be a great
> benefit for that class of nodes.
>
> [rant]
>
> Trying to get more privacy into the network layer is like making
> tobacco more organic. You can get buried in the organic section
> of the graveyard after you die of lung cancer. Great success!
>
> Aka: Where is the IETF on any warnings, architectures or recommendations
> on the actual application layer:
>
Maybe there should be something like that. But, not unlike security,
if the goal is to derive a system with good privacy characteristics
then privacy should be considered at every layer including the
networking layer.

Tom