Re: [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?

Lloyd W <lloyd.wood@yahoo.co.uk> Wed, 04 January 2023 09:20 UTC

From: Lloyd W <lloyd.wood@yahoo.co.uk>
Mime-Version: 1.0 (1.0)
Subject: Re: [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
Date: Wed, 04 Jan 2023 20:19:42 +1100
Message-Id: <08C49067-DB4C-41AB-A6F3-B96BDBE0A4BC@yahoo.co.uk>
References: <3c3230f3783b4ec9a8a9e3bb87cc2a8d@huawei.com>
Cc: Stewart Bryant <stewart.bryant@gmail.com>, Dino Farinacci <farinacci@gmail.com>, ietf@ietf.org, pearg@irtf.org, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, saag <saag@ietf.org>, hrpc@irtf.org
In-Reply-To: <3c3230f3783b4ec9a8a9e3bb87cc2a8d@huawei.com>
To: Antoine FRESSANCOURT <antoine.fressancourt=40huawei.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/dZRnGMeCOvcjg1lE2QXpAzZd1rc>

There has been no mention of NAT in this thread as an obscuring technique.

There's probably scope for a 'best practices for preserving privacy for carrier grade NATs' or somesuch document -- I doubt much can be done at the low end for a NATted residential 192.168.1.1 network, but CGNAT for millions of users is a very different beast.

Lloyd Wood
lloyd.wood@yahoo.co.uk

> On 4 Jan 2023, at 19:59, Antoine FRESSANCOURT <antoine.fressancourt=40huawei.com@dmarc.ietf.org> wrote:
> 
> Hello,
> 
> IP addresses are indeed topological. As you mentioned, the challenge with making the network layer privacy-preserving is how to route the packet without revealing the source and destination of packets. 
> 
> In the literature, there have been two approaches to this challenge: using a set of indirection elements (proxies, onion relays, private relays, you name them) in order to keep a sense of destination-based routing, or using a source routing approach so that the source encodes the path to the destination using a sequentially encrypted data structure that is decrypted little by little by the elements relaying the packet. The latter approach is for example demonstrated in Sphinx or Hornet, two academic works in the area of privacy-preserving communications. I think this latter approach has not been given enough attention in practical solutions, and I would be interested in working on the challenges raised by such an approach in the realm of the IETF.
> 
> If the data plane becomes anonymous, there is indeed a need to also have privacy in the control plane. In my view, this is less challenging because the timing constraints in the control plane are (a bit) less constraining, and we can use techniques studied in PPM or OHAI WG. For instance, if we adopt the source-routed approach to protect privacy at the IP layer, we need to have a privacy-preserving path computation element of some sort. This element could be developed using techniques from private information retrieval, secure multiparty computation or oblivious transfer. 
> 
> Would there be interest in the community to have a document summarizing the state of affairs and remaining challenges of IP layer anonymization? I volunteer to start such a document if there is.
> 
> Best regards,
> 
> Antoine 
> 
> -----Original Message-----
> From: saag <saag-bounces@ietf.org> On Behalf Of Stewart Bryant
> Sent: Wednesday 4 January 2023 09:06
> To: Dino Farinacci <farinacci@gmail.com>
> Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>; John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>; ietf@ietf.org; hrpc@irtf.org; pearg@irtf.org; saag <saag@ietf.org>
> Subject: Re: [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
> 
> For all end to end communications the routing system needs to know how to deliver the packet. Obscuring the mapping between the address and the location moves the anonymisation problem from the data plane to the routing plane. This makes life harder for the observer, but I am not sure that it makes it sufficiently hard as to be worth the cost. One advantage of the topological association of addresses is the intrinsic address aggregation property which both reduces routing traffic overhead and speeds up convergence.
> 
> Stewart 
> 
> Sent from my iPad
> 
>> On 3 Jan 2023, at 22:29, Dino Farinacci <farinacci@gmail.com> wrote:
>> 
>> EIDs are not topological. We have all known this for a very long time. We can make them ephemeral as well, we can make them cryptographic. 
>> 
>> Dino
>> 
>>>> On Jan 3, 2023, at 11:38 AM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>> 
>>>> On 03-Jan-23 23:27, John Mattsson wrote:
>>>> 
>>>> IP addresses are still not only long-lived trackable identifiers, but they also reveal your location.
>>> 
>>> IP addressing is intrinsically topological, so this is never going to change.
>>> 
>>> (Temporary IPv6 addresses are not long-lived, but they remain topological.)
>>> 
>>> Brian
>>> 
>>> _______________________________________________
>>> saag mailing list
>>> saag@ietf.org
>>> https://www.ietf.org/mailman/listinfo/saag
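The source-routed approach Antoine describes above (the source wraps the path in nested encryption layers and each relay peels exactly one) is easier to reason about with a runnable model. The following is an added example written for this page; it is not code from any poster nor from the Sphinx or HORNET papers. It assumes the source already shares a symmetric key with every relay (Sphinx derives those from a Diffie-Hellman element in the header; key agreement is left out), builds its cipher from the standard library only (HMAC-SHA256 as a counter-mode keystream with an encrypt-then-MAC tag), and deliberately does not hide packet length: real Sphinx pads headers to a constant size with deterministic filler so a relay cannot infer its position on the path from the size of what it receives. The relay names, key dictionary and payload are constructed sample values.

```python
"""Toy layered-encryption source routing (Sphinx/HORNET-style), added example.

Assumptions not taken from the thread:
  * every relay already shares a symmetric key with the source;
  * the cipher is HMAC-SHA256 in counter mode plus an encrypt-then-MAC tag;
  * packet length is NOT hidden (Sphinx uses constant-size headers + filler).
"""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32
HOP_LEN = 16  # fixed-width field naming the next relay inside each layer


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256(key, nonce || counter) blocks concatenated to `length` bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _enc_key(key: bytes) -> bytes:
    return hashlib.sha256(b"enc|" + key).digest()


def _mac_key(key: bytes) -> bytes:
    return hashlib.sha256(b"mac|" + key).digest()


def seal(key: bytes, plaintext: bytes) -> bytes:
    """One layer: nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_enc_key(key), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_mac_key(key), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_layer(key: bytes, blob: bytes) -> bytes:
    """Peel one layer; raises ValueError on a wrong key or any tampering."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_mac_key(key), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer authentication failed")
    ks = _keystream(_enc_key(key), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def _hop_field(name: str) -> bytes:
    raw = name.encode()
    if len(raw) > HOP_LEN:
        raise ValueError("relay name too long")
    return raw.ljust(HOP_LEN, b"\0")


def build_onion(path, keys, payload):
    """path: relay names in forwarding order, last entry is the destination.
    keys: relay name -> shared key. Returns (first_hop, onion)."""
    # Innermost layer: the destination finds an empty next-hop and the payload.
    blob = seal(keys[path[-1]], _hop_field("") + payload)
    # Wrap outward so relay i sees only path[i+1] and an opaque inner blob.
    for i in range(len(path) - 2, -1, -1):
        blob = seal(keys[path[i]], _hop_field(path[i + 1]) + blob)
    return path[0], blob


def relay_process(key: bytes, blob: bytes):
    """What one relay does: strip its layer, read the next hop, forward the rest."""
    inner = open_layer(key, blob)
    next_hop = inner[:HOP_LEN].rstrip(b"\0").decode()
    return next_hop, inner[HOP_LEN:]


def deliver(first_hop, onion, keys):
    """Simulate forwarding; record (relay, previous hop, next hop) per relay,
    which is all a relay learns about the path from the packet itself."""
    observations = []
    prev, cur, blob = "source", first_hop, onion
    while True:
        next_hop, blob = relay_process(keys[cur], blob)
        observations.append((cur, prev, next_hop))
        if next_hop == "":
            return blob, observations
        prev, cur = cur, next_hop


if __name__ == "__main__":
    path = ["R1", "R2", "R3", "DST"]  # constructed sample path
    keys = {n: os.urandom(32) for n in path}
    first, onion = build_onion(path, keys, b"hello")
    payload, obs = deliver(first, onion, keys)
    print(payload, obs)
```

Note what the model makes visible: each relay's observation tuple contains only its neighbours, and a relay holding the wrong key cannot open the outer layer, so the full path exists only at the source. It also makes Stewart's point concrete: the control-plane question moves to whoever computes `path` and distributes the keys, which is exactly where Antoine's privacy-preserving path computation element would sit.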