Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers

Eric Burger <eburger-l@standardstrack.com> Sat, 07 June 2014 18:06 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-privacy/X9DPdaDyBJOAdj1AHQDt0xUmGjw

In many countries, service providers are required to track which user behind a NAT mapped to what IP/port they used. NAT != privacy.

--
Sent from a mobile device. Sorry for typos or weird auto-correct. Thank IETF LEMONADE for mobile email! See <http://www.standardstrack.com/ietf/lemonade/>

> On Jun 7, 2014, at 9:20 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> 
> Hi Dan,
> 
>> On 07/06/14 02:38, Dan Wing wrote:
>> 
>> Stephen,
>> 
>> It seems NAPT has become IETF's privacy feature of 2014 because
>> multiple users are sharing one identifier (IP address and presumably
>> randomized ports [RFC6056], although many NAPT deployments use
>> address ranges because of fear of compressing log files).  As a
>> former co-chair of BEHAVE it is refreshing to see the IETF embracing
>> NAPT as a desirable feature.
> 
> Embracing seems like significant overstatement to me, but maybe
> that's understandable given how calmly NAT is generally debated.
> 
> NATs have both good and bad properties. The slightly better privacy
> is one of the good ones.
> 
> Recognising that reality is neither embracing nor refreshing IMO,
> nor does it mean NAPT is (un)desirable overall. (That's an argument
> I only ever watch from the side-lines thanks:-)
> 
>> However, if NAPT provides privacy and NAT Reveal removes it, where
>> does that leave a host's IPv6 source address with respect to BCP188?
>> 
>> After all, an IPv6 address is quite traceable, even with IPv6 privacy
>> addresses (especially as IPv6 privacy addresses are currently
>> deployed which only obtain a new IPv6 privacy address every 24 hours
>> or when attaching to a new network).  If BCP188 does not prevent
>> deployment of IPv6, I would like to understand the additional privacy
>> leakage of IPv4+NAT+NAT_Reveal compared to the privacy leakage of
>> IPv6+privacy_address.
> 
> I'm frankly amazed that that's not crystal clear to anyone who
> has read all 2.5 non-boilerplate pages of the BCP. Or even just
> the last two words of the 1-line abstract (hint: those say "where
> possible.")
> 
> Yes, source addresses leak information that affects privacy. But
> we do not have a practical way to mitigate that. So therefore
> BCP188 does not call for doing stupid stuff, nor for new laws of
> physics (unlike -04 of the draft we're discussing;-)
> 
> Adding new identifiers with privacy impact, as proposed here, is
> quite different.
> 
> S.
> 
> PS: If someone wants to propose what they think is a practical
> way to mitigate the privacy issues with source addresses, please
> write a draft first and then start a separate thread somewhere.
> 
> 
>> 
>> -d
> 