IETF Logo Mail Archive

Re: [Int-area] IPv4 address sharing abuse [was RE: draft-boucadair-intarea-nat-reveal-analysis]

SM <sm@resistor.net> Fri, 09 September 2011 09:30 UTC

Return-Path: <sm@resistor.net>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF77E21F8997 for <int-area@ietfa.amsl.com>; Fri, 9 Sep 2011 02:30:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.576
X-Spam-Level:
X-Spam-Status: No, score=-102.576 tagged_above=-999 required=5 tests=[AWL=0.023, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gN0pfNDcI04n for <int-area@ietfa.amsl.com>; Fri, 9 Sep 2011 02:29:59 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 83BC821F87FA for <int-area@ietf.org>; Fri, 9 Sep 2011 02:29:59 -0700 (PDT)
Received: from SUBMAN.resistor.net (IDENT:sm@localhost [127.0.0.1]) by mx.elandsys.com (8.14.4/8.14.5) with ESMTP id p899VkeB004098; Fri, 9 Sep 2011 02:31:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1315560713; bh=sk+oc9IW9YdTAz9V5xiYv3IaDqAJGv12/OoDYS3ENRk=; h=Message-Id:Date:To:From:Subject:Cc:In-Reply-To:References: Mime-Version:Content-Type; b=Cj9nhtKtky69Esy+tlXoUBHDYhg9Lxgy/A89hcjoQE5WvlJVSnbfZ+BE5AO9d9TrV ZhAamj3w7bOLllFBgzf2pdBCAjw2gFrQp6fRahOWYkgLAcNEf8Yd3Old8A5ocvNFOI DQeOywne464ao+4sx1Fys2IR6fREwDn1n5+SxzIs=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail; t=1315560713; bh=sk+oc9IW9YdTAz9V5xiYv3IaDqAJGv12/OoDYS3ENRk=; h=Message-Id:Date:To:From:Subject:Cc:In-Reply-To:References: Mime-Version:Content-Type; b=1DLVvbumbLGIEpSwRnIbpzXihNhSskKt5NJnHG8OhO90tK1zwUeyFnXwrxQBzcuRW 2JDJ3DKTsRNkSzUfj43y8f0cHCB7HmpX74JZK31O9vM7Y77YbWg5Fy3m4fzfIodFFg tksvmIUPRbUaW7cUHx/fEJz7bpX4sZCPjXZo+Uck=
Message-Id: <6.2.5.6.2.20110909005310.0a0cd030@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Fri, 09 Sep 2011 02:28:33 -0700
To: mohamed.boucadair@orange-ftgroup.com
From: SM <sm@resistor.net>
In-Reply-To: <94C682931C08B048B7A8645303FDC9F351674478BB@PUEXCB1B.nanter re.francetelecom.fr>
References: <Your message of Tue, 06 Sep 2011 16:37:19 PDT. <06f201cc6ced$f0d14fc0$d273ef40$@com> <201109081729.p88HTVnc092622@givry.fdupont.fr> <6.2.5.6.2.20110908113731.0a218a98@resistor.net> <94C682931C08B048B7A8645303FDC9F351674478BB@PUEXCB1B.nanterre.francetelecom.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: int-area@ietf.org
Subject: Re: [Int-area] IPv4 address sharing abuse [was RE: draft-boucadair-intarea-nat-reveal-analysis]
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/int-area>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Sep 2011 09:30:02 -0000

Dear Med,
At 22:41 08-09-2011, mohamed.boucadair@orange-ftgroup.com wrote:
>The HOST_ID can enclose the origin source IPv4 address, IPv6 
>address, IPv6 prefix, vlan, random value, etc. The only requirement 
>on the HOST_ID is as mentioned in the I-D:
>
>         "It must be unique to each host under the same
>         IP address.  It does not need to be globally unique.  Of course,
>         the combination of the (public) IPv4 source address and the
>         identifier (i.e., HOST_ID) ends up being relatively unique.  As
>         unique as today's 32-bit IPv4 addresses which, today, can change
>         when a host re-connects."
>
>As such the HOST_ID does not reveal other information than the 
>source IP address if there is no NAT in the path.
>
>
>According to draft-morris-privacy-considerations-03,
>
>    "The following list contains examples of information that may be
>    considered personal data:
>
>    o  Name
>
>    o  Address information
>
>    o  Phone numbers, email addresses, SIP/XMPP URIs, other identifiers
>
>    o  IP and MAC addresses or other host-specific persistent identifiers
>       that consistently links to a particular person or small, well-
>       defined group of people
>
>    o  Information identifying personally owned property, such as vehicle
>       registration number"
>
>IP addresses and host-specific persistent identifiers are on the 
>same level and may be considered as personal data. This is why we 
>have the following in the draft:

I'll mention the paragraph below the one you quoted:

   "Searching only for those example as an indication for the need of
    privacy is, however, insufficient given that the list above is
    constantly growing and depends very much on the context.  An
    information element may not be sensitive in one context but
    considered very sensitive in another."

Identifiers are used in different protocols.  Some of the identifiers 
in the list mentioned above are necessary for the protocol to fulfill 
its intended function.  If we are talking about IP addresses, it is 
important to take into account the context in which it is being 
used.  In the draft, the identifier is being added by an 
intermediary.  And that is where it can become problematic.

>   "If the HOST_ID is persistent it may be used to track a host (similar to
>    persistent IP addresses)."

draft-boucadair-intarea-nat-reveal-analysis discusses about 
identification and addressing abuse issues and defines a HOST_ID 
identifier.  The discussion about privacy can be summarized as an 
analogy with source IP addresses.  You are saying that the HOST_ID 
can be an issue only if it is persistent.  I suggest that you give 
some thought to context and also the consent angle.

At 23:03 08-09-2011, mohamed.boucadair@orange-ftgroup.com wrote:
>Med: Just a 
>clarification,  draft-boucadair-intarea-nat-reveal-analysis does not 
>argue in favor of mandating the use of a HOST_ID  or not. It only 
>documents encountered issues, proposed solutions and their 
>limitations. Doing so would (hopefully) help IETF making a

BTW, the problem statement (Section 1.1) needs some more work.  The 
problem to be solved is not stated clearly.

>recommendation on the next steps in this area. Examples of next 
>steps may include:
>
>(1) Recommend a solution?:  but individual solutions need to discuss 
>potential impact on performance, mis-usage of the solution to reveal 
>other "sensitive" information, etc.

There is a privacy mailing list.  You could ask for some feedback 
about how the proposal affects privacy.  I don't know how helpful it 
may be as that list is not very active.

>(2) Add a conclusion to say: "IETF has documented the issues 
>(RFC6269) and has analyzed solution candidates but IETF believes CGN 
>should stay evil"?: The risk is the emergence of proprietary solutions.

Although I have an opinion about CGNs, I won't say it is "evil" as 
the discussion won't have a constructive tone then.

>(3) Add a statement like "IPv6 will solve this?": but this does not 
>mitigate the service brokenness to be encountered by subscribers 
>when address sharing will be deployed at large. The issues are also 
>valid for NAT64, etc.

IPv6 is not really a solution to everything.  It would be argued that 
someone designed a technology without giving adequate consideration 
to how it will break existing services; i.e. solving a problem at one 
layer while pushing other problems to higher layers.

BTW, you discussed about traceability in RFC 6269.  This draft takes 
a different approach.  It's not that it is the "wrong" approach.  It 
injects an intractable problem into the discussion.

Regards,
-sm

v2.23.0 | Report a Bug | By Email