Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers

<mohamed.boucadair@orange.com> Fri, 06 June 2014 11:41 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 116741A0245; Fri, 6 Jun 2014 04:41:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BOXM3l-v-O4Y; Fri, 6 Jun 2014 04:41:35 -0700 (PDT)
Received: from relais-inet.francetelecom.com (relais-ias92.francetelecom.com [193.251.215.92]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4BACA1A0279; Fri, 6 Jun 2014 04:41:35 -0700 (PDT)
Received: from omfedm08.si.francetelecom.fr (unknown [xx.xx.xx.4]) by omfedm10.si.francetelecom.fr (ESMTP service) with ESMTP id 1E5262641BD; Fri, 6 Jun 2014 13:41:27 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [10.114.31.16]) by omfedm08.si.francetelecom.fr (ESMTP service) with ESMTP id EF659238055; Fri, 6 Jun 2014 13:41:26 +0200 (CEST)
Received: from OPEXCLILM23.corporate.adroot.infra.ftgroup ([169.254.2.12]) by OPEXCLILH05.corporate.adroot.infra.ftgroup ([10.114.31.16]) with mapi id 14.03.0181.006; Fri, 6 Jun 2014 13:41:26 +0200
From: <mohamed.boucadair@orange.com>
To: Ted Lemon <ted.lemon@nominum.com>
Thread-Topic: [Int-area] [ietf-privacy] NAT Reveal / Host Identifiers
Thread-Index: AQHPgXTWDm6yLULEn0WY6FQhphp6qZtj82Fg
Date: Fri, 6 Jun 2014 11:41:26 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B933001433C@OPEXCLILM23.corporate.adroot.infra.ftgroup>
References: <E87B771635882B4BA20096B589152EF628724B2C@eusaamb107.ericsson.se> <539016BE.3070008@gmx.net> <53906711.5070406@cs.tcd.ie> <5390D2F8.6000801@gmail.com> <1B87ABE4-1CA1-450D-BA96-3018DF39F08D@nominum.com> <787AE7BB302AE849A7480A190F8B93300141B4@OPEXCLILM23.corporate.adroot.infra.ftgroup> <8A4C0802-DE9A-4ADF-AEA5-61DEC2AFB25B@nominum.com>
In-Reply-To: <8A4C0802-DE9A-4ADF-AEA5-61DEC2AFB25B@nominum.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.3]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version: 6.0.3.2322014, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2014.6.6.104820
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-privacy/lT9Y97LF80zDJeeerA6GvPjn7_I
Cc: "ietf-privacy@ietf.org" <ietf-privacy@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jun 2014 11:41:40 -0000

Re-,

Please see inline.

Cheers,
Med

>-----Message d'origine-----
>De : Ted Lemon [mailto:ted.lemon@nominum.com]
>Envoyé : vendredi 6 juin 2014 12:48
>À : BOUCADAIR Mohamed IMT/OLN
>Cc : Brian E Carpenter; ietf-privacy@ietf.org; int-area@ietf.org; Stephen
>Farrell
>Objet : Re: [Int-area] [ietf-privacy] NAT Reveal / Host Identifiers
>
>On Jun 6, 2014, at 4:11 AM, mohamed.boucadair@orange.com wrote:
>> Adding a discussion on potential misuses can be considered to address the
>comment from Stephen if those are not redundant with the text already in
>http://tools.ietf.org/html/rfc6967#section-3.
>
>The document hasn't been adopted yet, so we can avoid security issues
>simply by not adopting it.

[Med] I'm not sure about this Ted. There are other initiatives that try to solve the issue for particular use cases, see for instance this effort for HTTP: http://tools.ietf.org/html/draft-ietf-appsawg-http-forwarded-10. The rationale of the "host identifier scenarios" document is to group all use cases suffering from the same problem instead of focusing on one single case. This allows having a big picture view of the problem space. 

   Talking about what the security considerations
>section might do to ameliorate the harm isn't in scope yet.   First we need
>to decide whether there is more harm than good done by adopting and
>publishing the document!

[Med] Fair enough.