IETF Logo Mail Archive

Re: [Ila] [DMM] Fwd: New Version Notification for draft-herbert-ila-mobile-00.txt

Lorenzo Colitti <lorenzo@google.com> Tue, 06 February 2018 06:17 UTC

Return-Path: <lorenzo@google.com>
X-Original-To: ila@ietfa.amsl.com
Delivered-To: ila@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13AF9126BFD for <ila@ietfa.amsl.com>; Mon, 5 Feb 2018 22:17:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U_FXo1pBHFcr for <ila@ietfa.amsl.com>; Mon, 5 Feb 2018 22:17:13 -0800 (PST)
Received: from mail-wr0-x232.google.com (mail-wr0-x232.google.com [IPv6:2a00:1450:400c:c0c::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA7D41200C1 for <ila@ietf.org>; Mon, 5 Feb 2018 22:17:12 -0800 (PST)
Received: by mail-wr0-x232.google.com with SMTP id v15so692611wrb.8 for <ila@ietf.org>; Mon, 05 Feb 2018 22:17:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=6CIlc7gOdWQAHDj+vKH9FRXQuxYsmypOm4ZaGko0zyc=; b=rwW18SEQo6aTjocHHDnw+w2seAyFXS7PlxFmMe0Qjal3dwjuT6f+fHmTaojvjJlBbV 7yHQJpAsAbyNfrOcpBTtCl2GRjN2wyoIzZeztYk6i9uQYwUAZQBLgWim3SIXO6MWJtei JcmTSuUcrI2//Xg4M9j20tP9Q2/d2XSf1tjQMF4jTQmdSlON8zhbm6XGKoG4Rbnv4+U7 sdHmXlwrlk0vAYtRcIWEwilYBwVkSG2ElOK5vstrqxK59xuIS4rb1lGgoPmxCrv4Nf5X lOfvvDMtF67+05rMuM8qAcYBrPSk25cTe9QfBYpVatWiNA/PsFQJk7tznDBSAtdBgBdG 6y6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=6CIlc7gOdWQAHDj+vKH9FRXQuxYsmypOm4ZaGko0zyc=; b=hh7VIl8lyv8opQmud5LAM4Nfo27TJ9ZmY+kYlExRs8Azrs2rV+hs/8M8Cmt+EQca+J pqsXwPcAq2bdUU+N9jNXO6xnTiVyYSK1Bjr3XGEdUQ/UtvGVApXAv866yE2yVu2jvoyC wLS+zv9i/ckwCv+IsfpIkZqybDfKo0TZvM+IdRCfhHGSZXKRjajqyHOmoCuECQLG6KSH hzJUjlkHIYk8A+48wBCYBXNH3zl1UhhMHYfE7WXV1nLg6d9ZPF43Rm5bePFk90FimePf CRlUGFVkdB1m9z838JXjXiD0M5tVo+lQbvZ5T2rsOkzAH9rQj+s9V4TtV6kiq2RyXA68 0ZiA==
X-Gm-Message-State: APf1xPBxyLdqdAVSUkWipY67HtAskKL896VzN93YCoNFUlOrWIoH5JuS vhiIk88t/+1EqjBBduVPuhmqSn9PNQDSIfL/cAsWlA==
X-Google-Smtp-Source: AH8x225ioL6LYD8deL21r3z3ND+wPMAh+MMD5gy43q2LXTVgBHPekiCb3VjZBHLR/Xc4ttALuvi5crEOlCT9ZdH+/OY=
X-Received: by 10.223.157.135 with SMTP id p7mr1160793wre.34.1517897830881; Mon, 05 Feb 2018 22:17:10 -0800 (PST)
MIME-Version: 1.0
Received: by 10.28.220.215 with HTTP; Mon, 5 Feb 2018 22:16:50 -0800 (PST)
In-Reply-To: <CAPDqMeq4CN_v6Aycb=jqEAttq+teUaVYpxyn8WL-6rV8jtHQzg@mail.gmail.com>
References: <151750859755.24445.6929673804211867286.idtracker@ietfa.amsl.com> <CAPDqMerbX4UJ-mK-A-f=im=1h0Yz-52QfWLLgVDkybtSShNp5Q@mail.gmail.com> <CAKD1Yr0Xpi=3mn8VfQ3eRm4ZWWDfYd10e+y3EUcY2rX-FaYbXw@mail.gmail.com> <CAPDqMepxQcDhx2gE3cNtGewaYeYD1Gw+XCxz2U2okBf7kaxFcw@mail.gmail.com> <CAKD1Yr14D+8dv=Hj=4c+aQvLVUN1hS9TPST+T0tgpmYAW8ncVg@mail.gmail.com> <CAPDqMeq4CN_v6Aycb=jqEAttq+teUaVYpxyn8WL-6rV8jtHQzg@mail.gmail.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Tue, 06 Feb 2018 15:16:50 +0900
Message-ID: <CAKD1Yr1NXWdN7Whjk1bAmEvhAdxmYqm2nvtUexVbipcT1M5juQ@mail.gmail.com>
To: Tom Herbert <tom@quantonium.net>
Cc: dmm <dmm@ietf.org>, ila@ietf.org
Content-Type: multipart/alternative; boundary="f403043a22ec04a67c05648521f6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ila/k2_8-YpjVZohCVngeaoP3xF2YVI>
Subject: Re: [Ila] [DMM] Fwd: New Version Notification for draft-herbert-ila-mobile-00.txt
X-BeenThere: ila@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Identifier Locator Addressing <ila.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ila>, <mailto:ila-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ila/>
List-Post: <mailto:ila@ietf.org>
List-Help: <mailto:ila-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ila>, <mailto:ila-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Feb 2018 06:17:15 -0000

On Tue, Feb 6, 2018 at 3:02 PM, Tom Herbert <tom@quantonium.net> wrote:

> On Tue, Feb 6, 2018 at 2:17 PM, Tom Herbert <tom@quantonium.net> wrote:
>>
>>> Section 8.3 provides the argument that singleton addresses are needed
>>> for privacy-sensitive communications. For practicality and probably scaling
>>> /64 is needed, however for strong privacy singleton addresses would be
>>> needed (to avoid resorting to NAT).
>>>
>>
>> You don't need singletons for privacy. You can just assign /64s that
>> change over time.
>>
>
> Yes, that seems to be the recommendation of RFC4914. However, neither that
> RFC nor anyone else that I can tell has been able to quantitatively
> describe the relationship between frequency of changing prefix and privacy.
> Any statements about this are qualitative in nature. By intuition, it might
> be believable that higher frequency should mean better privacy, but nobody
> can quantify that. So for a user where privacy is paramount, my example is
> a political dissident that is anonymously criticizing their government,
> there is no definitive answer to give then when they ask what frequency
> they need to ensure their privacy. Besides that, I believe that any
> frequency could be defeated with the postulated exploit below (if you see a
> flaw in this logic please let me know).
>

In general, any scheme that relies in changing singletons can be
implemented by changing /64 prefixes in the same way.

Your example of a dissident that is criticizing the government is not a
relevant one in the likely case that the government has the power to compel
the network operator to log all the singletons that the network assigns.


> Actually, there is one frequency where the privacy effects can be
> qualified: that is to use a different address per connection. This is
> effectively what stateful NAT provides and why law enforcement doesn't like
> it. With a large enough pool of users behind a NAT, flows sourced form the
> same device cannot be correlated by a third party in external network. This
> is strong privacy privacy in addressing (properties listed in 8.3). In lieu
> of telling the political dissident to find a provider using NAT, assigning
> addresses for singe use can provide it. Assigning a /64 to every flow won't
> scale, but singleton addresses could.
>

Saying that assigning unaggregatable singleton addresses to each flow would
scale is an extremely bold statement. Back-of-the-envelope says that with
100M devices and an average of 10 flows per device that last 5 minutes on
average you've got 1B entries and 3.3 milion flow updates per second. That
amount of state must be available within a reasonable time (line rate, or,
say, 1 RTT) to any border router that could conceivably receive a packet
for any one of those flows. I don't know what sort of hardware you'd be
able to run that on, nor who would want to make such a colossal
infrastructure investment even if it could be done.

v2.23.0 | Report a Bug | By Email