Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers

"Horne, Rob" <rob.horne@trustis.com> Fri, 06 June 2014 16:09 UTC

Return-Path: <rob.horne@trustis.com>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B5C31A0111; Fri, 6 Jun 2014 09:09:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OKCxQ2criL_t; Fri, 6 Jun 2014 09:09:56 -0700 (PDT)
Received: from mail1.bemta5.messagelabs.com (mail1.bemta5.messagelabs.com [195.245.231.152]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31A051A010D; Fri, 6 Jun 2014 09:09:56 -0700 (PDT)
Received: from [85.158.136.35:33484] by server-16.bemta-5.messagelabs.com id 81/CF-19700-BC7E1935; Fri, 06 Jun 2014 16:09:47 +0000
X-Env-Sender: rob.horne@trustis.com
X-Msg-Ref: server-3.tower-125.messagelabs.com!1402070976!37717041!20
X-Originating-IP: [217.28.140.9]
X-StarScan-Received:
X-StarScan-Version: 6.11.3; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 14622 invoked from network); 6 Jun 2014 16:09:47 -0000
Received: from smtp.hs20.net (HELO outlook.hs20.net) (217.28.140.9) by server-3.tower-125.messagelabs.com with AES256-SHA encrypted SMTP; 6 Jun 2014 16:09:47 -0000
Received: from THHSTE15D1BE5.hs20.net (192.168.251.26) by THHSTE15D1BE2.hs20.net (192.168.251.22) with Microsoft SMTP Server (TLS) id 15.0.847.32; Fri, 6 Jun 2014 17:09:08 +0100
Received: from THHSTE15D1BE5.hs20.net ([fe80::4064:274f:d635:873e]) by THHSTE15D1BE5.hs20.net ([fe80::4064:274f:d635:873e%15]) with mapi id 15.00.0847.030; Fri, 6 Jun 2014 17:09:08 +0100
From: "Horne, Rob" <rob.horne@trustis.com>
To: "touch@isi.edu" <touch@isi.edu>, "brian.e.carpenter@gmail.com" <brian.e.carpenter@gmail.com>, "stephen.farrell@cs.tcd.ie" <stephen.farrell@cs.tcd.ie>
Thread-Topic: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers
Thread-Index: AQHPgZmqH9Fs2K0LfUiEYmAeH7ZhWZti6VyAgAFWQkA=
Date: Fri, 6 Jun 2014 16:09:08 +0000
Message-ID: <40d4eee108b142138e9b8c93026085fd@THHSTE15D1BE5.hs20.net>
References: <E87B771635882B4BA20096B589152EF628724B2C@eusaamb107.ericsson.se> <539016BE.3070008@gmx.net> <53906711.5070406@cs.tcd.ie> <5390D2F8.6000801@gmail.com> <5390D633.9070006@isi.edu>
In-Reply-To: <5390D633.9070006@isi.edu>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [62.6.167.196]
x-exclaimer-md-config: 266e7a57-cddd-49fd-bdea-19bca6d40303
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-privacy/SJpQXKxI15hgCVkS7sFE8cYQebI
Cc: "ietf-privacy@ietf.org" <ietf-privacy@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>
Subject: Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jun 2014 16:09:58 -0000

I agree too and think Joe's outlined a good starting point to discuss "misuse".

Rob


-----Original Message-----
From: ietf-privacy [mailto:ietf-privacy-bounces@ietf.org] On Behalf Of Joe Touch
Sent: 05 June 2014 21:42
To: Brian E Carpenter; Stephen Farrell
Cc: ietf-privacy@ietf.org; int-area@ietf.org
Subject: Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers



On 6/5/2014 1:28 PM, Brian E Carpenter wrote:
...
> As a matter of fact I tend to agree with many of your criticisms of
> the draft, and I like the idea (below) of adding what we might call
> the misuse cases. That's a discussion the intarea WG could have.
>
>      Brian

I'd vote for WG adoption, and agree with the above with the caveat that such "misuse" should focus on:

a) ways proposed mechanisms "undo" current mechanisms that *might* have been intended to preserve privacy (e.g., NATs are deployed for lots of reasons, and we never know intent per se, but privacy preservation CAN be a reason)

b) ways proposed mechanisms can exceed restoring what such devices "undo" and be used to track hosts, processes, or other identities beyond what the original packet *would have already exposed*.

I.e., for a device that inserts the source IP address and TCP source port for NAT traversal, it would at best be considered to 'undo' the potential privacy-creation intent of a NAT, but would NOT be considered to exceed what the original packet conveyed.

Joe

_______________________________________________
ietf-privacy mailing list
ietf-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-privacy