Re: [Ideas] [lisp] WG Review: IDentity Enabled Networks (ideas)

Toerless Eckert <tte@cs.fau.de> Wed, 01 November 2017 17:21 UTC

Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AA1013F9AA; Wed, 1 Nov 2017 10:21:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level:
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FDvC12faLQUP; Wed, 1 Nov 2017 10:21:51 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4905C13F991; Wed, 1 Nov 2017 10:21:51 -0700 (PDT)
Received: from faui40p.informatik.uni-erlangen.de (faui40p.informatik.uni-erlangen.de [131.188.34.77]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id 5560358C4F6; Wed, 1 Nov 2017 18:21:46 +0100 (CET)
Received: by faui40p.informatik.uni-erlangen.de (Postfix, from userid 10463) id 405ABB0D054; Wed, 1 Nov 2017 18:21:46 +0100 (CET)
Date: Wed, 01 Nov 2017 18:21:46 +0100
From: Toerless Eckert <tte@cs.fau.de>
To: Christian Huitema <huitema@huitema.net>
Cc: Padma Pillay-Esnault <padma.ietf@gmail.com>, "ideas@ietf.org" <ideas@ietf.org>, "lisp@ietf.org list" <lisp@ietf.org>, Dino Farinacci <farinacci@gmail.com>, "ietf@ietf.org" <ietf@ietf.org>
Message-ID: <20171101172146.GA12437@faui40p.informatik.uni-erlangen.de>
References: <CALx6S370-TuoUicWep5vV2NjLPS4d-HP1qVxW_nGrxhBLw6Eug@mail.gmail.com> <8kd5pq.oxb4pv.rtlo8t-qmf@mercury.scss.tcd.ie> <644DA50AFA8C314EA9BDDAC83BD38A2E0EAA7204@sjceml521-mbx.china.huawei.com> <dd2c3bd5-dd37-109b-2e81-0327db4daa09@cs.tcd.ie> <0BA14206-DC82-49EF-A625-B2425FA396F6@gmail.com> <1f254140-1340-6c7d-9c73-e7137562c685@gmail.com> <fa644cc2-161f-8884-3445-2b50d2c2ad23@htt-consult.com> <cf2ca920-f2d2-b65e-05eb-ebe3c30b76d1@huitema.net> <CAG-CQxrdS9L+2+bN=1NcPGuztn4U4OwSWUiNaVcS9Bsm2mtpfA@mail.gmail.com> <b18459d1-7ce1-b83d-787d-9066267d584b@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <b18459d1-7ce1-b83d-787d-9066267d584b@huitema.net>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/uYtppiiKW41-RotYOmLbySs8iOg>
Subject: Re: [Ideas] [lisp] WG Review: IDentity Enabled Networks (ideas)
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Nov 2017 17:21:54 -0000

On Wed, Oct 11, 2017 at 12:34:19PM -0700, Christian Huitema wrote:
> Some thing you should be hearing is that "long term identity of device"
> has almost the same privacy properties as "long term identity of the
> device's owner". You may think that identifying a random piece of
> hardware is no big deal, but it turns out that the network activity and
> network locations of that piece of hardware can be associated to those
> of its human owner. So you need the same kind of protection for these
> device identifiers as for human identifiers.

Sure, but i don't think it can be generalized:

There will be more and more non-individually owned nodes in public and
corporate infrastructures where requirements will be quite different
from those derived from individual human privacy.

If lets say those long term identifiers do not provide good human
privacy protection but good communications security properties and
managed transpacency for regulators then they could still be a great
benefit for those class of nodes.

[rant]

Trying to get more privacy into network layer is like making
tobacco more organic. You can get buried in the organic section
of the graveyard after you die of lung cancer. Great success!

Aka: Where is the IETF on any warnings, architectures or recommendations
on the actual application layer:

"Inhaling of this web page / IoT device will expose your personal
 activities related to it, social security number and credit card
 information to a "trusted set" of 1000 collaborating web services
 companies of which 10 at least have already been fined several times
 for leaking your information - and then made even more money out of it"

(sorry, just can't get beyond the fact that equifax is not making
 money out of their leakage...)

Should come with every mayor web page and IoT device.

[/rant]

Venting aside, i'd actually love to understand better if/what IETF
does for privacy inside eg: a TLS payload, besides sipbrandy/dprive/perc ?

Cheers
    Toerless

> -- 
> Christian Huitema
> 

> _______________________________________________
> Ideas mailing list
> Ideas@ietf.org
> https://www.ietf.org/mailman/listinfo/ideas