IETF Logo Mail Archive

Re: [lisp] [Ideas] WG Review: IDentity Enabled Networks (ideas)

Tom Herbert <tom@herbertland.com> Thu, 02 November 2017 15:30 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8B9513F82F for <lisp@ietfa.amsl.com>; Thu, 2 Nov 2017 08:30:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HOvcSszJXHI6 for <lisp@ietfa.amsl.com>; Thu, 2 Nov 2017 08:30:15 -0700 (PDT)
Received: from mail-ua0-x241.google.com (mail-ua0-x241.google.com [IPv6:2607:f8b0:400c:c08::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 891ED139680 for <lisp@ietf.org>; Thu, 2 Nov 2017 08:30:12 -0700 (PDT)
Received: by mail-ua0-x241.google.com with SMTP id v27so4246599uav.7 for <lisp@ietf.org>; Thu, 02 Nov 2017 08:30:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=0YDnVodjsKJZ2cUlNPs3xCRZ2v1Gqd4oIuQfAYOb0UA=; b=aQP8Ld6FPuvOoizzw+kIms8wQEteGVMMoLsRFy2NgH/9zAG4fNj5cTBBz8iwgS5CMy FqZR2m9r3ZPYrFzKdcOPUgCU0K/M9lmF8G83O/s10V4JFcqzoykaFX4GCmVgj5xyEbn9 lk0cceqw9LBB8ZwbGL9JjSTZoJ4HM2WdhUjluwI8uVdqky7u7DHuoNnX3+ruIM9UUkwt UNBgJVt6KKSO0KbWhEbYERUmNzEpzIpiE11V2DTl3ZW69w/FMdWDsbDyvj7dZao119Eo pvL4JM/L+1Pp5tv786YrPidQsBFP/NfXNxGg7C0sTXMuvtSNAQVIE1x6k2j9lixm/OXa mHIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=0YDnVodjsKJZ2cUlNPs3xCRZ2v1Gqd4oIuQfAYOb0UA=; b=N98cGlybm47aBUVCkzubZZXCTw0c7IpuzYgfVoNbx3fEbfzeCpRnMt1RyZQ5KtSECe pvYXVrvEzFmBb0wXzeSpp38Z+xG4w9gTiEWxcEs6/NmZyCqPLdydUhMJz4keWTYVOQOd UIuSrf6iqODg8dq20q6SOmdQ5Pjs9is6NyVpodKcYsEblLmRTFFt6YClJzPzAplqQww5 fLgnEFp060bOKSx/SGFAuepama+jlAA3SoOqiWpBIksUwaDdKg0MqKK2js21mnk/5fvm uU3SDxQJyoyZ05SL1Y2opRqZVgsSIDLz1F9RCGoMrSjfVLdMGvijb/65TbMAKiybM3AI Plfg==
X-Gm-Message-State: AMCzsaUtdFm7ewVfHq2Tr1eqx4NMEtIy1naDFtl7abng2D0elglHgTcr IX7CEj65IGDAsGu6HlJc0O0SYv957RIthkHQL5htUQ==
X-Google-Smtp-Source: ABhQp+SaVrAbsJKwiDzMP1+5KlJmpV1k4uBCkBZpvil031q2Iy+MRpGrmCvZ8oxQFGIW2i8WWmHjAxDaqOr8QxeJuLA=
X-Received: by 10.176.83.206 with SMTP id l14mr3297045uaa.167.1509636611570; Thu, 02 Nov 2017 08:30:11 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.69.4 with HTTP; Thu, 2 Nov 2017 08:30:11 -0700 (PDT)
In-Reply-To: <20171101172146.GA12437@faui40p.informatik.uni-erlangen.de>
References: <CALx6S370-TuoUicWep5vV2NjLPS4d-HP1qVxW_nGrxhBLw6Eug@mail.gmail.com> <8kd5pq.oxb4pv.rtlo8t-qmf@mercury.scss.tcd.ie> <644DA50AFA8C314EA9BDDAC83BD38A2E0EAA7204@sjceml521-mbx.china.huawei.com> <dd2c3bd5-dd37-109b-2e81-0327db4daa09@cs.tcd.ie> <0BA14206-DC82-49EF-A625-B2425FA396F6@gmail.com> <1f254140-1340-6c7d-9c73-e7137562c685@gmail.com> <fa644cc2-161f-8884-3445-2b50d2c2ad23@htt-consult.com> <cf2ca920-f2d2-b65e-05eb-ebe3c30b76d1@huitema.net> <CAG-CQxrdS9L+2+bN=1NcPGuztn4U4OwSWUiNaVcS9Bsm2mtpfA@mail.gmail.com> <b18459d1-7ce1-b83d-787d-9066267d584b@huitema.net> <20171101172146.GA12437@faui40p.informatik.uni-erlangen.de>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 02 Nov 2017 08:30:11 -0700
Message-ID: <CALx6S34Bkv4ipyA5si4KkW7VaYU6A=3=cPpRo_ss00H+vDms-w@mail.gmail.com>
To: Toerless Eckert <tte@cs.fau.de>
Cc: Christian Huitema <huitema@huitema.net>, Padma Pillay-Esnault <padma.ietf@gmail.com>, "ietf@ietf.org" <ietf@ietf.org>, "ideas@ietf.org" <ideas@ietf.org>, Dino Farinacci <farinacci@gmail.com>, "lisp@ietf.org list" <lisp@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/drkf7qhrd5oi4ezEgDOshBInJsI>
Subject: Re: [lisp] [Ideas] WG Review: IDentity Enabled Networks (ideas)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Nov 2017 15:30:17 -0000

On Wed, Nov 1, 2017 at 10:21 AM, Toerless Eckert <tte@cs.fau.de> wrote:
> On Wed, Oct 11, 2017 at 12:34:19PM -0700, Christian Huitema wrote:
>> Some thing you should be hearing is that "long term identity of device"
>> has almost the same privacy properties as "long term identity of the
>> device's owner". You may think that identifying a random piece of
>> hardware is no big deal, but it turns out that the network activity and
>> network locations of that piece of hardware can be associated to those
>> of its human owner. So you need the same kind of protection for these
>> device identifiers as for human identifiers.
>
> Sure, but i don't think it can be generalized:
>
> There will be more and more non-individually owned nodes in public and
> corporate infrastructures where requirements will be quite different
> from those derived from individual human privacy.
>
Toerless,

That maybe true, but personal devices, such as smart phones and cars
that are associated with individuals, are hardly going away anytime
soon. How addresses are assigned to these devices has a material
impact on individual privacy. Even right now there are two long
threads on v6ops right now that are delving precisely into privacy of
IPv6 addresses that may be relevant. This includes discussion about
CGNAT and efforts by some governments to illegalize it because the
privacy it gives is too strong for law enforcement.

> If lets say those long term identifiers do not provide good human
> privacy protection but good communications security properties and
> managed transpacency for regulators then they could still be a great
> benefit for those class of nodes.
>
> [rant]
>
> Trying to get more privacy into network layer is like making
> tobacco more organic. You can get buried in the organic section
> of the graveyard after you die of lung cancer. Great success!
>
> Aka: Where is the IETF on any warnings, architectures or recommendations
> on the actual application layer:
>
Maybe there should be something like that. But, not unlike security,
if the goal is to derive a system with good privacy characteristics
then privacy should be considered at every layer including the
networking layer.

Tom

v2.23.0 | Report a Bug | By Email