Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers

<> Wed, 11 June 2014 14:31 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 8ECD21A010D; Wed, 11 Jun 2014 07:31:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id MvzB3F8LtAR2; Wed, 11 Jun 2014 07:31:41 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 611371A063B; Wed, 11 Jun 2014 07:31:41 -0700 (PDT)
Received: from (unknown [xx.xx.xx.199]) by (ESMTP service) with ESMTP id 6D0A71B827D; Wed, 11 Jun 2014 16:31:39 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown []) by (ESMTP service) with ESMTP id 26651C804B; Wed, 11 Jun 2014 16:31:39 +0200 (CEST)
Received: from OPEXCLILM23.corporate.adroot.infra.ftgroup ([]) by OPEXCLILH04.corporate.adroot.infra.ftgroup ([]) with mapi id 14.03.0181.006; Wed, 11 Jun 2014 16:31:39 +0200
From: <>
To: Stephen Farrell <>, Ted Lemon <>
Thread-Topic: [Int-area] [ietf-privacy] NAT Reveal / Host Identifiers
Thread-Index: AQHPgaBKDm6yLULEn0WY6FQhphp6qZtr/mVw
Date: Wed, 11 Jun 2014 14:31:38 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B933001605D@OPEXCLILM23.corporate.adroot.infra.ftgroup>
References: <> <> <> <> <> <787AE7BB302AE849A7480A190F8B93300141B4@OPEXCLILM23.corporate.adroot.infra.ftgroup> <> <787AE7BB302AE849A7480A190F8B933001433C@OPEXCLILM23.corporate.adroot.infra.ftgroup> <>
In-Reply-To: <>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
x-originating-ip: []
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version:, Antispam-Engine:, Antispam-Data: 2014.6.10.215118
Cc: "" <>, "" <>, Brian E Carpenter <>
Subject: Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 11 Jun 2014 14:31:47 -0000

Hi Stephen,

Please see inline.


>-----Message d'origine-----
>De : Stephen Farrell []
>Envoyé : vendredi 6 juin 2014 17:59
>À : BOUCADAIR Mohamed IMT/OLN; Ted Lemon
>Cc : Brian E Carpenter;;
>Objet : Re: [Int-area] [ietf-privacy] NAT Reveal / Host Identifiers
>Hi Med,
>On 06/06/14 12:41, wrote:
>> [Med] I'm not sure about this Ted. There are other initiatives that
>> try to solve the issue for particular use cases, see for instance
>> this effort for HTTP:
>> The
>> rationale of the "host identifier scenarios" document is to group all
>> use cases suffering from the same problem instead of focusing on one
>> single case. This allows having a big picture view of the problem
>> space.
>I think XFF is actually a good example of why we ought not adopt
>this work.

[Med] I provided "Forward" as an example to illustrate there is a need to have a big picture view rather than focusing on specific use case. This draft does not suggest to adopt XFF or Forward at all. There is a need to understand the problem space and identify deployment scenarios where encountering complications.

>XFF is widely deployed already but somewhat flakey in terms of
>interop so the authors of the above draft aimed to produce a spec
>that just addressed interop. (*) That was adopted by an area WG
>without (IMO) ever really considering the privacy implications,
>and definitely without any effort having been made to develop a
>more privacy-friendly mechanism (which could have been done, again
>IMO) to solve what were the claimed use-cases.

[Med] Wouldn't be this effort an opportunity to promote those solutions you are advocating for? The proxy use case (not limited to HTTP) is listed as a typical scenario. If there are other better solutions that solves your privacy concerns, why not documenting them? 

 By the time it
>got to the IESG that was in practice unfixable and after some
>fairly painful discussions it ended up with 4 abstain ballots,
>including mine. [1] (For those who quite reasonably don't need
>to care about IESG balloting, an abstain means approximately
>Of course that all also pre-dated BCP188 and the last year's
>shenanigans so I'd hope we have learned to not keep doing that.
>I'd be delighted if those who could get a better solution
>implemented/deployed were to attempt to try to address the
>privacy issues with XFF but it seems that at least in that
>case relevant folks don't care (sufficiently;-) deeply about
>our privacy to go do that.
>(*) To be clear: I think the authors were genuinely just
>trying to fix what they saw as an interop problem.