IETF Logo Mail Archive

Re: [lisp] Fwd: decentralization of Internet (was Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Dino Farinacci <farinacci@gmail.com> Mon, 09 September 2013 16:43 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE0E221F9E63 for <lisp@ietfa.amsl.com>; Mon, 9 Sep 2013 09:43:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1jZgxcym1B1d for <lisp@ietfa.amsl.com>; Mon, 9 Sep 2013 09:43:23 -0700 (PDT)
Received: from mail-pa0-x22b.google.com (mail-pa0-x22b.google.com [IPv6:2607:f8b0:400e:c03::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 3E64921F9D87 for <lisp@ietf.org>; Mon, 9 Sep 2013 09:43:23 -0700 (PDT)
Received: by mail-pa0-f43.google.com with SMTP id hz10so6470272pad.2 for <lisp@ietf.org>; Mon, 09 Sep 2013 09:43:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=+F80JEYqdq3+xFdeQ5GQrvpMf56ubSxHtfC6cMCMpKE=; b=KqUfRht81IAM8hztUqeYuvrmeS7YW2wt5JhjAEiJuUYjzqNEXYWpPfhg+3qZ2RCqea 8M6PCzsZbKWxq2x749dK9h62fI+qujyOSsv9/aNzvhuEbqxND4AUWPyKIJqLE4vrFlPQ BaCxH8pEo1WFAfS2BPPopBbPacOuD5XwiOF9arRef3ved9hzan6TSQzDC6JAVoE7kFdf iLe6YzbCmVsT/AJdTofMokEWvxdA6EIltzLcNb8JiIHOSWlSri+UxLC1AcNLnoX6ECgB PjbDtzRRtES8Mz2J2DCgYwieEnKcX7k59KmqYUFIFe+Hz2g8/vkJ58gCklRsFbE10fZb hlVQ==
X-Received: by 10.68.196.2 with SMTP id ii2mr20491590pbc.86.1378745002835; Mon, 09 Sep 2013 09:43:22 -0700 (PDT)
Received: from [192.168.1.115] ([207.145.253.66]) by mx.google.com with ESMTPSA id fk4sm18629345pab.23.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 09 Sep 2013 09:43:21 -0700 (PDT)
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <522D8E6A.6080606@joelhalpern.com>
Date: Mon, 09 Sep 2013 09:43:24 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <DB958511-4F09-4187-A050-C84D947EDDDE@gmail.com>
References: <20130908140433.D217D18C0CE@mercury.lcs.mit.edu> <20130908225014145860.20554ab8@sniff.de> <685A7A7F-53DD-4718-B1A5-659CDE723E2F@gmail.com> <522D8E6A.6080606@joelhalpern.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
X-Mailer: Apple Mail (2.1508)
Cc: Noel Chiappa <jnc@mercury.lcs.mit.edu>, lisp@ietf.org
Subject: Re: [lisp] Fwd: decentralization of Internet (was Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2013 16:43:24 -0000

> Doesn't this depend upon where the ITR is?
> If, as is usually proposed, the ITR is a piece of CPE, then it will hide the content of my message (good), and my individual EID (okay), but it won't hide which site is sending the packet, which is an awful lot of information.

Like I said, it depends on the granularity of hiding.

> Also, moving the ITR to the PE router merely means that all the information is collectible at that point.  And we have observable data that collectible => will be collected.

Right which I would not suggest.

It looks like Crowcroft's source-less packets is the direction people may want to go?

Dino

> 
> Yours,
> Joel
> 
> On 9/8/13 10:15 PM, Dino Farinacci wrote:
>>> Hello Noel,
>>> 
>>>> Err, that would get the address and name of the ITR, not the actual source
>>>> host.
>>> 
>>> this thread started with a subject of how to save the Internet from the
>>> all-powerful agencies. Lisp was not invented to hide your identity,
>>> it's only separating it from the location - this doesn't mean the
>>> location information cannot reveal your (real life) identity. At the
>>> end the agencies want your name, not your (inner) IP address.
>> 
>> Marc, you may have not followed Noel's point. Let me explain with more detail.
>> 
>> (1) I sit at a LISP site, I have an EID assigned to me. I want to send packet and don't want anyone in the core to know I am sending.
>> 
>> (2) My EID comes out of an EID-prefix that is assigned to the site I currently reside in. There are a pair of ITRs that encapsulate traffic for packets I source.
>> 
>> (3) When I source packets, my EID is known by routers inside of the site, but when the packet hits the ITR, the ITR will encrypt the entire packet it is about to encapsulate. So the outer IP header, the UDP header, and the LISP header is sent in the clear. Everything after the LISP header is encrypted.
>> 
>> (4) I propose that the ITR use a public-key stored in the mapping database. It does not need to be protected during transport. The only parties that have the private-key the ETRs at the destination site (and you can h a public/private pair per ETR).
>> 
>> (5) Men in the middle cannot decrypt the encapsulated packet because they don't have the private key and it is never transmitted on the network. All they know is that a packet came from some site that is connected to ISP foobar. So what, that is coarse information.
>> 
>> (6) The key is obtained by the ITR the same time it is getting the RLOC address for encapsulation. Both come together and if the EID or *key* changes, we treat it as a mobility event where a new registration is sent to the mapping database to advertise a new RLOC address and/or a new key.
>> 
>> This is pretty simple. Yes it is slow. But so what. We can throw hardware technology at it or we can have th math guys come up with as good but less expensive algorithms.
>> 
>>> If the xTR is close to you, e.g. your DSL router runs the xTR, then the
>>> locator is effectively a 1:1 mapping to your identity. If the xTR is
>>> your office branch router, well, then we have already  (a) a router to
>>> try to break in  and (b) a physical office location to look for you.
>> 
>> It's not all that simple. EIDs can roam around. So if the RLOC at my house is encapsulating packets because you came over for dinner, it isn't me that is sourcing. I might be blamed for your wrong-doing, but all I would say is "I only live there".   ;-)
>> 
>> Dino
>> 
>>> And if the xTR is further away from your Internet connection point then
>>> chances are you can get wire-tapped on your way to/from the xTR, i.e.
>>> Lisp would not help you at all.
>>> 
>>> That's all I wanted to say with my statement about "static setups".
>>> 
>>> 
>>> Complete different story is if Lisp could make encryption e.g. between
>>> company office sites much easier, more scalable etc.. Independent from
>>> the original subject that would be a real benefit.
>>> 
>>> 
>>> Regards, Marc
>>> 
>>> 
>>>> 
>>>> Depending on all sorts of factors, that plus the encrypted packet
>>>> _might_ get
>>>> them the identity of the actual originator (not, for example, if the ITR has
>>>> discarded the key used to encrypt the packet by the time the subpoena
>>>> arrives...)
>>>> 
>>>> 	Noel
>>>> _______________________________________________
>>>> lisp mailing list
>>>> lisp@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/lisp
>>>> 
>>> _______________________________________________
>>> lisp mailing list
>>> lisp@ietf.org
>>> https://www.ietf.org/mailman/listinfo/lisp
>> 
>> _______________________________________________
>> lisp mailing list
>> lisp@ietf.org
>> https://www.ietf.org/mailman/listinfo/lisp
>>

v2.23.0 | Report a Bug | By Email