Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers
Eliot Lear <lear@cisco.com> Mon, 09 June 2014 16:32 UTC
Return-Path: <lear@cisco.com>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 849951A0264; Mon, 9 Jun 2014 09:32:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.151
X-Spam-Level:
X-Spam-Status: No, score=-10.151 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KrqSeXJ75Zi4; Mon, 9 Jun 2014 09:32:24 -0700 (PDT)
Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 815EF1A0257; Mon, 9 Jun 2014 09:32:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4540; q=dns/txt; s=iport; t=1402331543; x=1403541143; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to; bh=Y0e/Y6IB7c4ye31/W0rroDAI3/MGYnsh6880j/bFqlI=; b=amtZoZYqsdqx7xpmp/gMP7IC7BXTg6tcR7R5we7hBBTO5yvLrHDqORlG +7ZFV47O25JfkW1pgDbtmbCR9ipKyME1erTXA3k9e1tc77JW1Zy69kEu8 WmIupS29OgiNoOFu8wCdYf0ZeVDnJ/qjsXhzWhr9cfjrzBUELI3+FYZHn M=;
X-IronPort-AV: E=Sophos;i="4.98,1003,1392163200"; d="scan'208,217";a="79655676"
Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP; 09 Jun 2014 16:32:22 +0000
Received: from ELEAR-M-C3ZS.CISCO.COM ([10.61.203.105]) by aer-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id s59GWLX3023173; Mon, 9 Jun 2014 16:32:21 GMT
Message-ID: <5395E195.4080007@cisco.com>
Date: Mon, 09 Jun 2014 18:32:21 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Dan Wing <dwing@cisco.com>
References: <E87B771635882B4BA20096B589152EF628724B2C@eusaamb107.ericsson.se> <539016BE.3070008@gmx.net> <53906711.5070406@cs.tcd.ie> <5390CEC9.3000005@isi.edu> <5D2CC7D6-D9E1-49A8-818C-5FB33DC283C0@cisco.com> <5393119F.6050805@cs.tcd.ie>
In-Reply-To: <5393119F.6050805@cs.tcd.ie>
X-Enigmail-Version: 1.6
Content-Type: multipart/alternative; boundary="------------060505040501030907000309"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-privacy/IJp0Ho-ouzNShWHQZZOIgMmGEMM
Cc: "ietf-privacy@ietf.org" <ietf-privacy@ietf.org>, Internet Area <int-area@ietf.org>, Joe Touch <touch@isi.edu>
Subject: Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jun 2014 16:32:25 -0000
Hi Stephen, On 6/7/14, 3:20 PM, Stephen Farrell wrote: > I'm frankly amazed that that's not crystal clear to anyone who > has read all 2.5 non-boilerplate pages of the BCP. Or even just > the last two words of the 1-line abstract (hint: those say "where > possible.") > > Yes, source addresses leak information that affects privacy. But > we do not have a practical way to mitigate that. So therefore > BCP188 does not call for doing stupid stuff, nor for new laws of > physics (unlike -04 of the draft we're discussing;-) > > Adding new identifiers with privacy impact, as proposed here, is > quite different. This came up today in a discussion around spam and cybersecurity with at least one major service provider who has some pretty sophisticated cbyersecurity systems. Someone mentioned CGN and how entire groups of customers are blocked when a single IP address goes bad. We even experienced this on the IAB, by the way, when its MSP got blocked by an anti-spam site due to presumably someone else misusing them. Our architecture isn't really set up for IP address sharing or hiding. If your source address is naughty, the only back pressure I have at my disposal is to block it. If enough in an address range are bad, I might block a range, even if that means some small amount of good mail being blocked. Go to a lousy SP and this is what it gets you. But does adding a header solve the problem? Not unless it is signed AND I believe the signature. And then I had better be willing to spend the processing time to sort out your good customers from your bad customers. I *might* do that if you're at a very big mail service provider, in which case I probably get very little spam, anyway. I probably won't do that if you're Joe's small time ISP, unless there is some scaling feature not yet deployed today. Eliot
- [ietf-privacy] NAT Reveal / Host Identifiers Hannes Tschofenig
- Re: [ietf-privacy] NAT Reveal / Host Identifiers Stephen Farrell
- Re: [ietf-privacy] NAT Reveal / Host Identifiers mohamed.boucadair
- Re: [ietf-privacy] NAT Reveal / Host Identifiers Stephen Farrell
- Re: [ietf-privacy] NAT Reveal / Host Identifiers mohamed.boucadair
- Re: [ietf-privacy] NAT Reveal / Host Identifiers mohamed.boucadair
- Re: [ietf-privacy] [Int-area] WG Adoption Joel M. Halpern
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Ted Lemon
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Bernard Aboba
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… mohamed.boucadair
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Ted Lemon
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… mohamed.boucadair
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Joe Touch
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Brian E Carpenter
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Joe Touch
- Re: [ietf-privacy] [Int-area] WG Adoption Brian E Carpenter
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Brian E Carpenter
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Brian E Carpenter
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Stephen Farrell
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Stephen Farrell
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Horne, Rob
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Stephen Farrell
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Eric Burger
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Joe Touch
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… David Singer
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Stephen Farrell
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Dan Wing
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Brandon Williams
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Brandon Williams
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Stephen Farrell
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Joe Touch
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Eliot Lear
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Ted Lemon
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… joel jaeggli
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Brian E Carpenter
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Eliot Lear
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Ted Lemon
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… mohamed.boucadair
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… mohamed.boucadair
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Joe Touch
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Dirk.von-Hugo
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Stephen Farrell
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Stephen Farrell
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… mohamed.boucadair
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Joe Touch
- Re: [ietf-privacy] [Int-area] NAT Reveal / Host I… Brandon Williams