Re: [lisp] [Ideas] WG Review: IDentity Enabled Networks (ideas)
Christian Huitema <huitema@huitema.net> Wed, 11 October 2017 20:59 UTC
To: Dino Farinacci <farinacci@gmail.com>
Cc: IETF Discussion Mailing List <ietf@ietf.org>
Message-ID: <0571f77e-01c0-8749-9b33-4cb85584f0e0@huitema.net>
Date: Wed, 11 Oct 2017 13:58:59 -0700
In-Reply-To: <17BE9E1D-120B-4508-B765-3799134FD708@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/gIriNfFyUcaS4pAFoEzDASIOjJk>
On 10/11/2017 12:39 PM, Dino Farinacci wrote:
> Let me ask for your opinion Christian (or anyone else for that matter). If a device is assigned a private/public key-pair and the identifier for the device is a hash of the public-key, is the identifier private?

The proper question is, what are the privacy properties of the identifier. And there, there are two big scenarios: casual observation, and proof of ownership.

Casual observation is what happens when the identifier can be shown in network traffic, logs, etc. There, the properties vary depending on how the hash is constructed. If H = hash(public-key), then the identifier is static, and the privacy properties are just the same as publishing the public key -- which means, mostly terrible, as EKR said. On the other hand, if H = hash(public-key|something-that-changes-for-every-session-and-is-hard-to-predict), then the properties are similar to privacy preserving IPv6 addresses.

Many of the scenarios seem to require proof-of-ownership, as in "proving that the device can legitimately use the ID by demonstrating ownership of the public key behind the ID". In that case, you are effectively publishing the public key. If the public key is static and permanent, that is a pretty strong identifier with terrible privacy properties. On the other hand, if you can pick a new public key for every session, then the privacy properties are reasonable.

-- 
Christian Huitema

>
> Is the identifier trackable even when its network location is not generally known, not advertised publicly, and possibly changing frequently?
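The two hash constructions and the two observer scenarios contrasted in the message above, worked through as an added example; this is not code from the thread or from any IDEAS or LISP implementation. It assumes that the per-session value is carried alongside the identifier so a verifier can recompute the binding, it stands in random byte strings for public keys rather than generating real key pairs, and it models only the "identifier is bound to this key" check of a proof of ownership, leaving out the signature step a real protocol would add.

```python
"""Linkability of hash-derived device identifiers across sessions.

Added example. Keys are constructed random byte strings (no real key pairs);
the signature half of an ownership proof is omitted and only the binding
check between identifier and disclosed public key is modelled (assumption).
"""
import hashlib
import secrets
from dataclasses import dataclass

SCHEMES = ("static", "per-session-nonce", "per-session-nonce-and-key")


@dataclass(frozen=True)
class Session:
    identifier: str       # what shows up in traffic and logs
    nonce: bytes          # per-session value sent with the ID (assumption)
    disclosed_key: bytes  # public key handed to the verifier for the proof


def static_id(public_key: bytes) -> str:
    """H = hash(public-key): the same value in every session."""
    return hashlib.sha256(public_key).hexdigest()


def nonce_id(public_key: bytes, nonce: bytes) -> str:
    """H = hash(public-key | something that changes every session)."""
    return hashlib.sha256(public_key + nonce).hexdigest()


def run_sessions(scheme: str, long_term_key: bytes, n: int = 5) -> list:
    """Simulate n sessions of one device under the chosen scheme."""
    sessions = []
    for _ in range(n):
        nonce = secrets.token_bytes(16)  # fresh and hard to predict
        # Only the third scheme picks a new key pair for every session.
        if scheme == "per-session-nonce-and-key":
            key = secrets.token_bytes(32)
        else:
            key = long_term_key
        ident = static_id(key) if scheme == "static" else nonce_id(key, nonce)
        sessions.append(Session(ident, nonce, key))
    return sessions


def identifier_bound_to_key(s: Session) -> bool:
    """Binding check a verifier performs before accepting an ownership proof."""
    return s.identifier in (static_id(s.disclosed_key),
                            nonce_id(s.disclosed_key, s.nonce))


def casual_observer_links(sessions: list) -> bool:
    """Observer sees only identifiers (traffic, logs). A single distinct
    value across sessions means every session is attributable to one device."""
    return len({s.identifier for s in sessions}) == 1


def verifier_links(sessions: list) -> bool:
    """Verifier additionally receives the public key. A key reused across
    sessions is itself a stable identifier, whatever H looks like."""
    if not all(identifier_bound_to_key(s) for s in sessions):
        raise ValueError("ownership proof does not match identifier")
    return len({s.disclosed_key for s in sessions}) == 1


def privacy_matrix(n: int = 5) -> dict:
    """scheme -> (linkable by casual observer, linkable by verifier)."""
    long_term_key = secrets.token_bytes(32)  # constructed stand-in for a key
    result = {}
    for scheme in SCHEMES:
        sessions = run_sessions(scheme, long_term_key, n)
        result[scheme] = (casual_observer_links(sessions),
                          verifier_links(sessions))
    return result


if __name__ == "__main__":
    for scheme, (casual, verifier) in privacy_matrix().items():
        print(f"{scheme:28s} casual-observer={casual!s:5s} verifier={verifier}")
```

Running it shows the three rows the message predicts: a static hash is linkable by anyone who sees the traffic; adding a per-session unpredictable value defeats the casual observer but not a verifier that is handed the same public key every time; only a fresh key per session removes linkability for both.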