IETF Logo Mail Archive

Re: Ten years after Snowden (2013 - 2023), is IETF keeping its promises?

Christian Huitema <huitema@huitema.net> Tue, 03 January 2023 20:55 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0A17C14CF1B for <ietf@ietfa.amsl.com>; Tue, 3 Jan 2023 12:55:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Level:
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vo6b0F2N_mJ6 for <ietf@ietfa.amsl.com>; Tue, 3 Jan 2023 12:55:50 -0800 (PST)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED047C14CEE1 for <ietf@ietf.org>; Tue, 3 Jan 2023 12:55:50 -0800 (PST)
Received: from xse120.mail2web.com ([66.113.196.120] helo=xse.mail2web.com) by mx258.antispamcloud.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1pCngA-000GDC-WE for ietf@ietf.org; Tue, 03 Jan 2023 21:14:38 +0100
Received: from xsmtp22.mail2web.com (unknown [10.100.68.61]) by xse.mail2web.com (Postfix) with ESMTPS id 4NmkTy65qgzBHP for <ietf@ietf.org>; Tue, 3 Jan 2023 12:14:30 -0800 (PST)
Received: from [10.5.2.15] (helo=xmail05.myhosting.com) by xsmtp22.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1pCng6-0005fM-MZ for ietf@ietf.org; Tue, 03 Jan 2023 12:14:30 -0800
Received: (qmail 5537 invoked from network); 3 Jan 2023 20:14:30 -0000
Received: from unknown (HELO [192.168.1.104]) (Authenticated-user:_huitema@huitema.net@[172.58.43.64]) (envelope-sender <huitema@huitema.net>) by xmail05.myhosting.com (qmail-ldap-1.03) with ESMTPA for <phill@hallambaker.com>; 3 Jan 2023 20:14:29 -0000
Message-ID: <f6448bbc-ddc0-2c1e-05a2-990a5a0dc8b6@huitema.net>
Date: Tue, 03 Jan 2023 12:14:30 -0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1
Content-Language: en-US
To: Phillip Hallam-Baker <phill@hallambaker.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "hrpc@irtf.org" <hrpc@irtf.org>, "pearg@irtf.org" <pearg@irtf.org>, saag <saag@ietf.org>
References: <HE1PR0701MB305098F652DBC34E3C40810B89F49@HE1PR0701MB3050.eurprd07.prod.outlook.com> <dc5d3c2c-e110-69f6-c868-9a62d963959f@gmail.com> <CAMm+Lwhy2RtdfYb5Yenw3aURBcE293DDFqiVBgDCWbD5MhunBg@mail.gmail.com>
From: Christian Huitema <huitema@huitema.net>
Subject: Re: Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
In-Reply-To: <CAMm+Lwhy2RtdfYb5Yenw3aURBcE293DDFqiVBgDCWbD5MhunBg@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Originating-IP: 66.113.196.120
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.196.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.196.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT9WLQux0N3HQm8ltz8rnu+BPUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5x9j7219Tb9QoiGKb6esGsuKj/EwzSHE5FGYwwjsNRPCBMY uhp9LQ5nvPRF5SjRA4PmD6wdmZPcItWbGe10hXJtXL4FsauCVkDjmcYJdU3yWp7KuHNaaKdg7iBE ZefdsNUFWKwa/wzJUjmazeC7ImcafOst0ziC9S2vXPyw1w72TBQ6V51u76v35b1wNe/MvdJPWWqi c9eoDWW+hxVOsiYx2+J9PgaoF8SQHto3le4zsHTaeQtlKubP6iUTjj6yPARK6buALVaA782LKxg6 vRmng8N1aLhXqdc+jC1RcnVud53D5caUhbVtvqItBqoizkEt9O20UjkwI0v+LOlw05G4BS+iyyNq bT8dUMXMJ4tUCMj6G37ZfAMLceP5aNHPt26RBupu5v1nytoNnc138GfEEIgtEXyXj6S3SDvReMcV 8TXUjLjYWQt1/5xnQymMoPsgr/U0flMcy2Vi/IcBgY4arPaiJ1W6hAyiRC61jekdwIcXNugoOEbH RyFULpSjm7jZ1h/HfDRQ5Ig8VhPsPE8NFczbWPgGbtvXLbuaJLn5f0hbPX7P9I+AFFg6ngFOl/Da YDVSEwLbCaRQCW6PK2mtDRojSVizNl0ce/s7u0P9b9Tml6eOMCV9kYYwkPx6ZsXvIUzTXkDAiiJi mGhLUFuS2lhaIetXfCg1JdAVrOwKfEKNbAnYC/ZYSZvkLC7m1vlUoFIvD3sIcP1fhJPM6B/8GX8C gPVVD6e0ol2vTRKiKbxZ1H6mbk6k6aQAB9HEpyiJ+dym1L8cD17Js0v4cp1MT/T16aVF9Qs0WGSV ueWitDcKVNeVJ9BXyu9+ceCqThTYg2px1fSoqxQCCHnLMo/m9VKh99btUAanjnMCAH2co+fBoeG+ Hs0afhsY/5zhNYWRVYKU9W9tbmVXJBqdHHDmZEKhyNAv1N35kYWaEdgLurFV5oTvAcwA4rM3FkfW 8/1kE/e7sUnsVpINvARNxpFO
X-Report-Abuse-To: spam@quarantine14.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/CTF4e_vvBWdL_JCqH853iKEkL2w>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IETF-Discussion. This is the most general IETF mailing list, intended for discussion of technical, procedural, operational, and other topics for which no dedicated mailing lists exist." <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jan 2023 20:55:54 -0000


On 1/3/2023 12:01 PM, Phillip Hallam-Baker wrote:
> On Tue, Jan 3, 2023 at 2:39 PM Brian E Carpenter <
> brian.e.carpenter@gmail.com> wrote:
> 
>> On 03-Jan-23 23:27, John Mattsson wrote:
>>
>>> IP addresses are still not only long-lived trackable identifiers, but
>> they also reveal your location.
>>
>> IP addressing is intrinsically topological, so this is never going to
>> change.
>>
>> (Temporary IPv6 addresses are not long-lived, but they remain topological.)
>>
> Which is an argument for not using IP addresses end-to-end.

It is also the argument behind efforts like Oblivious DNS (RFC 9230) or 
Oblivious HTTP (https://datatracker.ietf.org/wg/ohttp/about/).

As Brian said, IP addresses will always embed some kind of topology, and 
we should always assume that this can identify the location of sending 
and receiving parties, as well as providing strong clues about their 
identity. The end-to-end solution is to "wash" the addresses by going 
through relays, but there is always the risk of relays participating in 
tracking. The "oblivious" approach is to mitigate that by minimizing 
information provided to relays.

So yes, IP addresses leak location. But also, yes, the IETF is doing 
something concrete about that.

-- Christian Huitema

v2.23.0 | Report a Bug | By Email