Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers
Eliot Lear <lear@cisco.com> Mon, 09 June 2014 20:19 UTC
Return-Path: <lear@cisco.com>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6127D1A02F2; Mon, 9 Jun 2014 13:19:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.152
X-Spam-Level:
X-Spam-Status: No, score=-10.152 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0S-Gqp-NJkFN; Mon, 9 Jun 2014 13:19:54 -0700 (PDT)
Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ECE721A0300; Mon, 9 Jun 2014 13:19:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1128; q=dns/txt; s=iport; t=1402345194; x=1403554794; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=w0KDg57jFBr0aiYdSrqdOhmn48Joy0jkAYbC+WmdhLo=; b=T24cDLXM3uIx6y1E6xxY/zpmBBgXgJK170pv11iPLmi5Q8TeWg5kbvIO IQNdJVjrpHPLQ13s8zZhhy9V7duyO1W9Tz+gtme7DdfOwkOqIvVK80HUa Um/AF5Pmr9p3L95KNgp5IREbfrSZ0fKrMnuRQ0DJHDLTVBqdiH0BgixGI k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AnIKAJQVllOtJssW/2dsb2JhbABZg1+DRad1AQEBAQEBBQGZEAGBKHWEAwEBAQQjVQEQCxgCAgUWCwICCQMCAQIBRQYBDAEFAgEBF4gnrC6fGReBKoQziD4BAU8HgnWBTAEDmiGTRYM+O4E5
X-IronPort-AV: E=Sophos;i="4.98,1003,1392163200"; d="scan'208";a="80500714"
Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP; 09 Jun 2014 20:19:52 +0000
Received: from ELEAR-M-C3ZS.CISCO.COM ([10.61.201.68]) by aer-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id s59KJpBa028030; Mon, 9 Jun 2014 20:19:51 GMT
Message-ID: <539616E7.6060305@cisco.com>
Date: Mon, 09 Jun 2014 22:19:51 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Ted Lemon <ted.lemon@nominum.com>
References: <E87B771635882B4BA20096B589152EF628724B2C@eusaamb107.ericsson.se> <539016BE.3070008@gmx.net> <53906711.5070406@cs.tcd.ie> <5390CEC9.3000005@isi.edu> <5D2CC7D6-D9E1-49A8-818C-5FB33DC283C0@cisco.com> <5393119F.6050805@cs.tcd.ie> <5395E195.4080007@cisco.com> <C920E9AB-A1F5-4BEB-9573-299D43596367@nominum.com> <539614C9.9050308@gmail.com>
In-Reply-To: <539614C9.9050308@gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-privacy/8r-87P2nZ_uWRh-an8GcBXAFsM8
Cc: "ietf-privacy@ietf.org" <ietf-privacy@ietf.org>, Internet Area <int-area@ietf.org>
Subject: Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jun 2014 20:19:56 -0000
Just to be clear: that was SMTP. The calculus can be different for other protocols, depending on their end to end nature. SMTP is very hop by hop and it is very difficult to secure an entire path with confidence due to downgrade attack threats. https would be a horse of a different color. On 6/9/14, 10:10 PM, Brian E Carpenter wrote: > On 10/06/2014 04:43, Ted Lemon wrote: >> On Jun 9, 2014, at 12:32 PM, Eliot Lear <lear@cisco.com> wrote: >>> But does adding a header solve the problem? Not unless it is signed AND I believe the signature. And then I had better be willing to spend the processing time to sort out your good customers from your bad customers. I might do that if you're at a very big mail service provider, in which case I probably get very little spam, anyway. I probably won't do that if you're Joe's small time ISP, unless there is some scaling feature not yet deployed today. >> Bingo. > So, there are some more components of the threat analysis and the solution > requirements. That's good, but I thought we were discussing whether > to document the use cases. > > Brian > >
- [ietf-privacy] NAT Reveal / Host Identifiers Hannes Tschofenig
- Re: [ietf-privacy] NAT Reveal / Host Identifiers Stephen Farrell
- Re: [ietf-privacy] NAT Reveal / Host Identifiers mohamed.boucadair
- Re: [ietf-privacy] NAT Reveal / Host Identifiers Stephen Farrell
- Re: [ietf-privacy] NAT Reveal / Host Identifiers mohamed.boucadair
- Re: [ietf-privacy] NAT Reveal / Host Identifiers mohamed.boucadair
- Re: [ietf-privacy] [Int-area] WG Adoption Joel M. Halpern
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Ted Lemon
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Bernard Aboba
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… mohamed.boucadair
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Ted Lemon
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… mohamed.boucadair
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Joe Touch
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Brian E Carpenter
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Joe Touch
- Re: [ietf-privacy] [Int-area] WG Adoption Brian E Carpenter
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Brian E Carpenter
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Brian E Carpenter
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Stephen Farrell
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Stephen Farrell
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Horne, Rob
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Stephen Farrell
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Eric Burger
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Joe Touch
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… David Singer
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Stephen Farrell
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Dan Wing
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Brandon Williams
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Brandon Williams
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Stephen Farrell
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Joe Touch
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Eliot Lear
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Ted Lemon
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… joel jaeggli
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Brian E Carpenter
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Eliot Lear
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Ted Lemon
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… mohamed.boucadair
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… mohamed.boucadair
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Joe Touch
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Dirk.von-Hugo
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Stephen Farrell
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Stephen Farrell
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… mohamed.boucadair
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Joe Touch
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Brandon Williams