Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers

Joe Touch <touch@isi.edu> Wed, 11 June 2014 16:15 UTC

Return-Path: <touch@isi.edu>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8FD51A01E7; Wed, 11 Jun 2014 09:15:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.851
X-Spam-Level:
X-Spam-Status: No, score=-4.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k5EqGHyQCrNU; Wed, 11 Jun 2014 09:15:43 -0700 (PDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D1C81A01AB; Wed, 11 Jun 2014 09:15:43 -0700 (PDT)
Received: from [172.20.7.72] ([12.104.145.3]) (authenticated bits=0) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id s5BGExFi015609 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 11 Jun 2014 09:15:08 -0700 (PDT)
Message-ID: <53988083.8060603@isi.edu>
Date: Wed, 11 Jun 2014 09:14:59 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Dan Wing <dwing@cisco.com>
References: <E87B771635882B4BA20096B589152EF628724B2C@eusaamb107.ericsson.se> <539016BE.3070008@gmx.net> <53906711.5070406@cs.tcd.ie> <5390CEC9.3000005@isi.edu> <5D2CC7D6-D9E1-49A8-818C-5FB33DC283C0@cisco.com> <5393119F.6050805@cs.tcd.ie> <53986D94.5090801@isi.edu> <5398711F.1020702@cs.tcd.ie>
In-Reply-To: <5398711F.1020702@cs.tcd.ie>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-privacy/6QhHipDMCqM-muUy916W9uCYEHg
Cc: "ietf-privacy@ietf.org" <ietf-privacy@ietf.org>, Internet Area <int-area@ietf.org>
Subject: Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jun 2014 16:15:44 -0000


On 6/11/2014 8:09 AM, Stephen Farrell wrote:
>
>
> On 11/06/14 15:54, Joe Touch wrote:
>>
>>
>> On 6/7/2014 6:20 AM, Stephen Farrell wrote:
>>> Yes, source addresses leak information that affects privacy. But
>>> we do not have a practical way to mitigate that. So therefore
>>> BCP188 does not call for doing stupid stuff, nor for new laws of
>>> physics (unlike -04 of the draft we're discussing;-)
>>
>> Again, BCP188 does not *call* for doing anything. There are no SHOULD-
>> or MUST- level requirements in that doc. Let's please not wave it in the
>> air as if there are.
>
> I don't buy that argument at all and didn't wave anything anywhere.
>
> BCP188 very clearly says:
>
>     Pervasive monitoring is a technical attack that should be mitigated
>     in the design of IETF protocols, where possible.
>
> and
>
>     Those developing IETF specifications need to be able to describe how
>     they have considered PM, and, if the attack is relevant to the work
>     to be published, be able to justify related design decisions.  This
>     does not mean a new "pervasive monitoring considerations" section is
>     needed in IETF documentation.  It means that, if asked, there needs
>     to be a good answer to the question "Is pervasive monitoring relevant
>     to this work and if so, how has it been considered?"
>
> Reverting to RFC2119-keyword-lawyering is not IMO credible here.

That's what RFC2119 is for and how we interpret BCPs.

The doc goes out of its way - as you note - to include wiggle phrases 
like "where possible" and by not requiring a new considerations section.

Yes, it's fine to discuss it here, and I've already outlined a way 
forward - with the caveat that my view is "do no harm", not necessarily 
"fix the lack of privacy already inherent in the Internet" - at least in 
this doc.

Joe