Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers

<mohamed.boucadair@orange.com> Wed, 11 June 2014 14:38 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D9611A0147; Wed, 11 Jun 2014 07:38:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7EDCabqjXAWl; Wed, 11 Jun 2014 07:38:18 -0700 (PDT)
Received: from relais-inet.francetelecom.com (relais-ias245.francetelecom.com [80.12.204.245]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5BCE41A0127; Wed, 11 Jun 2014 07:38:18 -0700 (PDT)
Received: from omfeda06.si.francetelecom.fr (unknown [xx.xx.xx.199]) by omfeda14.si.francetelecom.fr (ESMTP service) with ESMTP id ED7B32AC892; Wed, 11 Jun 2014 16:38:16 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [10.114.31.16]) by omfeda06.si.francetelecom.fr (ESMTP service) with ESMTP id CD237C8058; Wed, 11 Jun 2014 16:38:16 +0200 (CEST)
Received: from OPEXCLILM23.corporate.adroot.infra.ftgroup ([169.254.2.12]) by OPEXCLILH05.corporate.adroot.infra.ftgroup ([10.114.31.16]) with mapi id 14.03.0181.006; Wed, 11 Jun 2014 16:38:16 +0200
From: <mohamed.boucadair@orange.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Dan Wing <dwing@cisco.com>
Thread-Topic: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers
Thread-Index: AQHPglNJdwFj/1Pg2EKVA7MlkS7VwJtr/0Dg
Date: Wed, 11 Jun 2014 14:38:16 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B9330016077@OPEXCLILM23.corporate.adroot.infra.ftgroup>
References: <E87B771635882B4BA20096B589152EF628724B2C@eusaamb107.ericsson.se> <539016BE.3070008@gmx.net> <53906711.5070406@cs.tcd.ie> <5390CEC9.3000005@isi.edu> <5D2CC7D6-D9E1-49A8-818C-5FB33DC283C0@cisco.com> <5393119F.6050805@cs.tcd.ie>
In-Reply-To: <5393119F.6050805@cs.tcd.ie>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.1]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version: 6.0.3.2322014, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2014.6.10.215118
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-privacy/wr1BqOVJUd4HmMkR9jy5Bg_kE0U
Cc: "ietf-privacy@ietf.org" <ietf-privacy@ietf.org>, Internet Area <int-area@ietf.org>, Joe Touch <touch@isi.edu>
Subject: Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jun 2014 14:38:20 -0000

Re-,

Please see inline.

Cheers,
Med

>-----Message d'origine-----
>De : ietf-privacy [mailto:ietf-privacy-bounces@ietf.org] De la part de
>Stephen Farrell
>Envoyé : samedi 7 juin 2014 15:21
>À : Dan Wing
>Cc : ietf-privacy@ietf.org; Internet Area; Joe Touch
>Objet : Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers
>
>
>Hi Dan,
>
>On 07/06/14 02:38, Dan Wing wrote:
>>
>> Stephen,
>>
>> It seems NAPT has become IETF's privacy feature of 2014 because
>> multiple users are sharing one identifier (IP address and presumably
>> randomized ports [RFC6056], although many NAPT deployments use
>> address ranges because of fear of compressing log files).  As a
>> former co-chair of BEHAVE it is refreshing to see the IETF embracing
>> NAPT as a desirable feature.
>
>Embracing seems like significant overstatement to me, but maybe
>that's understandable given how calmly NAT is generally debated.
>
>NATs have both good and bad properties. The slightly better privacy
>is one of the good ones.
>
>Recognising that reality is neither embracing nor refreshing IMO,
>nor does it mean NAPT is (un)desirable overall. (That's an argument
>I only ever watch from the side-lines thanks:-)
>
>> However, if NAPT provides privacy and NAT Reveal removes it, where
>> does that leave a host's IPv6 source address with respect to BCP188?
>>
>> Afterall, an IPv6 address is quite traceable, even with IPv6 privacy
>> addresses (especially as IPv6 privacy addresses are currently
>> deployed which only obtain a new IPv6 privacy address every 24 hours
>> or when attaching to a new network).  If BCP188 does not prevent
>> deployment of IPv6, I would like to understand the additional privacy
>> leakage of IPv4+NAT+NAT_Reveal compared to the privacy leakage of
>> IPv6+privacy_address.
>
>I'm frankly amazed that that's not crystal clear to anyone who
>has read all 2.5 non-boilerplate pages of the BCP. Or even just
>the last two words of the 1-line abstract (hint: those say "where
>possible.")
>
>Yes, source addresses leak information that affects privacy. But
>we do not have a practical way to mitigate that. So therefore
>BCP188 does not call for doing stupid stuff, nor for new laws of
>physics (unlike -04 of the draft we're discussing;-)

[Med] FWIW, this draft does not hint solutions but it aims to describe scenarios with problems. I understand you have concerns with privacy but this is not an excuse to abuse and characterize this effort as "stupid". Privacy implications should be assess on a per use case basis (see for example cases where all involved entities belong to same administrative entity). Furthermore, the document (including -04) says the following : "the document does not elaborate whether explicit authentication is enabled or not."

>
>Adding new identifiers with privacy impact, as proposed here, is
>quite different.

[Med] I have already clarified this point: the scenario draft does not propose any identifier!

>
>S.
>
>PS: If someone wants to propose what they think is a practical
>way to mitigate the privacy issues with source addresses, please
>write a draft first and then start a separate thread somewhere.
>
>
>>
>> -d
>>
>
>_______________________________________________
>ietf-privacy mailing list
>ietf-privacy@ietf.org
>https://www.ietf.org/mailman/listinfo/ietf-privacy