IETF Logo Mail Archive

Re: [lisp] RFC 6830 - possible extension.

Nick Thomas <nick@lupine.me.uk> Wed, 21 August 2013 15:59 UTC

Return-Path: <nick@lupine.me.uk>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EC6811E80FC for <lisp@ietfa.amsl.com>; Wed, 21 Aug 2013 08:59:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jMVODPZP5+OI for <lisp@ietfa.amsl.com>; Wed, 21 Aug 2013 08:59:47 -0700 (PDT)
Received: from bacon.sh.bytemark.co.uk (bacon.sh.bytemark.co.uk [IPv6:2001:41c8:20:862:3::25]) by ietfa.amsl.com (Postfix) with ESMTP id 6E38E11E80E3 for <lisp@ietf.org>; Wed, 21 Aug 2013 08:59:46 -0700 (PDT)
Received: from bytemail.bytemark.co.uk ([212.110.161.227]) by bacon.sh.bytemark.co.uk with esmtp (Exim 4.72) (envelope-from <nick@lupine.me.uk>) id 1VCAoz-0007u3-BP; Wed, 21 Aug 2013 16:59:45 +0100
Received: from eboracum.office.bytemark.co.uk ([89.16.168.152]) by bytemail.bytemark.co.uk with esmtp (Exim 4.72) (envelope-from <nick@lupine.me.uk>) id 1VCAoz-0001jv-7P; Wed, 21 Aug 2013 16:59:45 +0100
Message-ID: <5214E3F0.5050503@lupine.me.uk>
Date: Wed, 21 Aug 2013 16:59:44 +0100
From: Nick Thomas <nick@lupine.me.uk>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130709 Icedove/17.0.7
MIME-Version: 1.0
To: lisp@ietf.org
References: <20130821143058.2317B18C16E@mercury.lcs.mit.edu>
In-Reply-To: <20130821143058.2317B18C16E@mercury.lcs.mit.edu>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Organization: Bytemark Computer Consulting Ltd. Unit 2, Novus Business Park, Opus Avenue, York, YO26 6BL. Company registered in England and Wales no. 4484629. VAT registration no. GB 135 6159 13.
Subject: Re: [lisp] RFC 6830 - possible extension.
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Aug 2013 15:59:52 -0000

Hi Noel,

(I am subscribed to the list :) )

On 21/08/13 15:30, Noel Chiappa wrote:
>     > From: Nick <nick@lupine.me.uk>
> 
>     >> The impetus for developing it was the Snowden PRISM/XKeyscore
>     >> disclosures - currently, a privacy-conscious ISP can't do much to
>     >> prevent traffic (especially headers) between themselves and another
>     >> privacy-conscious ISP from being snooped on.  Use of RLOCs instead of
>     >> EIDs in the outer IP header means that individual users share an
>     >> anonymity set which is the size of the number of users sharing that
>     >> RLOC. When both source and destination are obscured this way, it
>     >> becomes less "alice and bob are communicating", and more "someone in
>     >> chicago is talking to someone in toronto".
>  
> This sounds quite interesting (although the denizens of certain large
> buildings might be grinding their teeth).

Obviously, it's no magic bullet. It can make the less-intrusive
surveillance methods useless, but They(TM) can always get more
intrusive. Hopefully, the level beyond this - bug every access and
hosting ISP - is intrusive enough that it'll be slapped down, but you
never know.

> All, does this fit within our current charter? If not, something to keep in
> mind if/when we redo the charter.
> 
>     >> Obviously, preserving this anonymity requires the inner IP headers to
>     >> be encrypted
> 
> Wonder if it's worth doing the payload, too? Obviously, that would cost more
> computing, but...

hide-eid currently encrypts the first 512 bytes of the IP packet, or the
whole thing if it's less than that. I was very concerned about the
computational cost of encryption when I made that decision; it may not
actually matter.

Tonight, I'm going to try to get it to scale to gigabit on 4-8 x86_64
cores as-is. I'll see what difference 40 (IP+TCP header) vs 512 vs ~1500
bytes makes on throughput at that level.

Leaving the TCP headers in the clear would permit some correlation
attacks - source and destination port, etc. Encrypting the whole thing
is probably pointless if it's already SSL traffic.

In any real implementation, I'd guess the destination publishes a set of
schemes it's willing to accept with each key it advertises, and the
source tells the destination which scheme it used for each packet sent.
If a whole-packet and a just-protocol-headers scheme were both
advertised, the source *could* select the former for well-known ports
for cleartext services (80, 25) and the latter for well-known ports for
encrypted ones (443, etc). You know, if their hardware is up to it.

Some of the graphs on http://shader.kaist.edu/packetshader/ were very
encouraging, performance-wise :). I don't know how performance degrades
when you're switching between many different encryption contexts (~40K,
worst case?) instead of just the one, though. Nor am I familiar on how
specialised hardware cryptography engines would cope with that scenario.

Rather than me adding "proper L/ISP protocol semantics" to hide-eid, is
there a software implementation that I could work top of instead? "L/ISP
software" is not the most unambiguous search term in the world :)

/Nick

v2.30.2 | Report a Bug | By Email | System Status