Re: [lisp] [Ideas] WG Review: IDentity Enabled Networks (ideas)
Tom Herbert <tom@herbertland.com> Thu, 02 November 2017 15:30 UTC
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 02 Nov 2017 08:30:11 -0700
Message-ID: <CALx6S34Bkv4ipyA5si4KkW7VaYU6A=3=cPpRo_ss00H+vDms-w@mail.gmail.com>
To: Toerless Eckert <tte@cs.fau.de>
Cc: Christian Huitema <huitema@huitema.net>, Padma Pillay-Esnault <padma.ietf@gmail.com>, "ietf@ietf.org" <ietf@ietf.org>, "ideas@ietf.org" <ideas@ietf.org>, Dino Farinacci <farinacci@gmail.com>, "lisp@ietf.org list" <lisp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/drkf7qhrd5oi4ezEgDOshBInJsI>

On Wed, Nov 1, 2017 at 10:21 AM, Toerless Eckert <tte@cs.fau.de> wrote:
> On Wed, Oct 11, 2017 at 12:34:19PM -0700, Christian Huitema wrote:
>> Something you should be hearing is that "long term identity of device"
>> has almost the same privacy properties as "long term identity of the
>> device's owner". You may think that identifying a random piece of
>> hardware is no big deal, but it turns out that the network activity and
>> network locations of that piece of hardware can be associated to those
>> of its human owner. So you need the same kind of protection for these
>> device identifiers as for human identifiers.
>
> Sure, but I don't think it can be generalized:
>
> There will be more and more non-individually owned nodes in public and
> corporate infrastructures where requirements will be quite different
> from those derived from individual human privacy.
>
Toerless,

That may be true, but personal devices, such as smart phones and cars
that are associated with individuals, are hardly going away anytime
soon. How addresses are assigned to these devices has a material impact
on individual privacy. Even right now there are two long threads on
v6ops that are delving precisely into privacy of IPv6 addresses that
may be relevant. This includes discussion about CGNAT and efforts by
some governments to illegalize it because the privacy it gives is too
strong for law enforcement.

> If, let's say, those long term identifiers do not provide good human
> privacy protection but good communications security properties and
> managed transparency for regulators then they could still be a great
> benefit for that class of nodes.
>
> [rant]
>
> Trying to get more privacy into network layer is like making
> tobacco more organic. You can get buried in the organic section
> of the graveyard after you die of lung cancer. Great success!
>
> Aka: Where is the IETF on any warnings, architectures or recommendations
> on the actual application layer:
>
Maybe there should be something like that. But, not unlike security, if
the goal is to derive a system with good privacy characteristics then
privacy should be considered at every layer including the networking
layer.

Tom