Re: [Int-area] request to consider sponsoring http://tools.ietf.org/html/draft-boucadair-intarea-host-identifier-scenarios-04

"Reinaldo Penno (repenno)" <repenno@cisco.com> Fri, 07 March 2014 21:47 UTC

From: "Reinaldo Penno (repenno)" <repenno@cisco.com>
To: "Dan Wing (dwing)" <dwing@cisco.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Date: Fri, 07 Mar 2014 21:46:51 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/int-area/XpT-Qro7u0udl0srvRnrAnYp9WI
Cc: "hiaps@ietf.org" <hiaps@ietf.org>, Internet Area <int-area@ietf.org>, "draft-boucadair-intarea-host-identifier-scenarios@tools.ietf.org" <draft-boucadair-intarea-host-identifier-scenarios@tools.ietf.org>

There are several paid VPN services that provide anonymity through
address sharing. This is becoming more and more popular these days.

It is public to public translation where you get a shared IP address on
purpose. This is not for attack purposes but just to reduce tracking by
third parties.

I would think that people interested in these services will continue to
use them but public IPv6 to public IPv6.

On 3/7/14, 12:31 PM, "Dan Wing (dwing)" <dwing@cisco.com> wrote:

>
>On Mar 6, 2014, at 6:03 PM, Brian E Carpenter
><brian.e.carpenter@gmail.com> wrote:
>
>> a) Since this is fixing some of the damage done by NAT, it's
>> really unfinished business for BEHAVE, which if iirc was a
>> Transport Area WG. Just saying...
>> 
>> b) The word "privacy" doesn't appear in the draft. Discussing
>> privacy aspects is clearly essential if there is any thought of
>> advancing this work. Actually I doubt if such a host ID is ever
>> going to be acceptable from a privacy point of view, unless the
>> end system is at liberty to change it at random (like RFC 4941).
>
>I interpret your statement to mean that address sharing is a desirable
>security property.  If that interpretation is correct, where does that
>leave IPv6?
>
>
>> c) A hard-nosed argument is that since we want to sunset IPv4,
>> it's time to stop working on ways of making NAT solutions work
>> better. Is there anything in the use cases that can't be fixed by
>> native IPv6?
>
>Yes, attackers won't move to IPv6 if IPv4 provides them a superior way to
>hide their activities.  There are attackers already using IPv4 CGN to
>obfuscate themselves.
>
>-d
>
>
>> 
>> (The use case in expired draft
>> http://tools.ietf.org/html/draft-sarikaya-fmc-prefix-sharing-usecase-01
>> is not at all convincing to me, especially when adding the privacy
>> argument. It actually seems to describe a bug in 3GPP. But in any case,
>> the draft appears to suggest mitigations.)
>> 
>> Regards
>>   Brian
>> 
>> On 07/03/2014 05:28, joel jaeggli wrote:
>>> Greetings int-area and hiaps-mailing-list folks,
>>> 
>>> I realize that this is midweek at the IETF, however this question is not
>>> far from several discussions I've had this week.
>>> 
>>> I have been asked to consider AD sponsoring
>>> 
>>> http://tools.ietf.org/html/draft-boucadair-intarea-host-identifier-scenarios-04
>>> 
>>> In the process of considering doing so I'd like to get some input with
>>> respect to:
>>> 
>>> A. The appetite for pursuing some or any of this work in existing
>>> working groups, and in particular within the INT area.
>>> 
>>> B. A consensus basis for moving beyond RFC 6269 into active work in
>>> this area.
>>> 
>>> C. How we address concerns raised by the IETF community expressed
>>> through draft-farrell-perpass-attack when evaluating scenarios and
>>> beginning to address requirements and solution-space.
>>> 
>>> Obviously these are complex questions and I do not expect that we will
>>> arrive at answers easily nor does work on this or other drafts depend
>>> on answering them, however it's part of the dialog.
>>> 
>>> Thanks
>>> joel
>>> 
>>> 
>>> 
>>> 
>>>------------------------------------------------------------------------
>>> 
>>> _______________________________________________
>>> Int-area mailing list
>>> Int-area@ietf.org
>>> https://www.ietf.org/mailman/listinfo/int-area
>> 