IETF Logo Mail Archive

Re: [lisp] Fwd: decentralization of Internet (was Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

"Michiel Blokzijl (mblokzij)" <mblokzij@cisco.com> Mon, 09 September 2013 10:28 UTC

Return-Path: <mblokzij@cisco.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E68EA21E815E for <lisp@ietfa.amsl.com>; Mon, 9 Sep 2013 03:28:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7lfU-vs-LnZQ for <lisp@ietfa.amsl.com>; Mon, 9 Sep 2013 03:28:42 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) by ietfa.amsl.com (Postfix) with ESMTP id B54B611E81B9 for <lisp@ietf.org>; Mon, 9 Sep 2013 03:28:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5370; q=dns/txt; s=iport; t=1378722516; x=1379932116; h=from:to:cc:subject:date:message-id:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=MX9BJftY7QcMeQ680m+DI2NutYJelR1ZyQyBEbBOF7w=; b=jORyl8HhryORIz8/96COD76pFbhseuoSTXEM2j0jQqDc3pjssbsAdY4O ANnaUOHl1ZlPY+hFXO718PtBPIbyLR0FmpHNO4FMmD6yNir5qHl5CVA/6 /A6ZQcE3kxxj000cGhWDoUo2qnCzKsS1eyJ/0fybKq2+YUUfJREbfQVPx Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhQFAM+hLVKtJV2Z/2dsb2JhbABSCYMHOFHCFYEgFnSCJQEBAQQBAQE3NAsSAQgYChQFMgslAgQBDQUIEYdpDMUABI4+gRExB4MdgQADqVuBY4E9gWgkHg
X-IronPort-AV: E=Sophos;i="4.90,866,1371081600"; d="scan'208";a="257263923"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-5.cisco.com with ESMTP; 09 Sep 2013 10:28:33 +0000
Received: from xhc-aln-x05.cisco.com (xhc-aln-x05.cisco.com [173.36.12.79]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id r89ASWgG006398 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 9 Sep 2013 10:28:32 GMT
Received: from xmb-aln-x12.cisco.com ([169.254.7.246]) by xhc-aln-x05.cisco.com ([173.36.12.79]) with mapi id 14.02.0318.004; Mon, 9 Sep 2013 05:28:32 -0500
From: "Michiel Blokzijl (mblokzij)" <mblokzij@cisco.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>, Dino Farinacci <farinacci@gmail.com>
Thread-Topic: [lisp] Fwd: decentralization of Internet (was Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
Thread-Index: AQHOrTs7YdAS7j266E2D9Mp+k4WMkpm9mM6A
Date: Mon, 09 Sep 2013 10:28:32 +0000
Message-ID: <4ABB752A36221949A095CDE2C6DBB1C80982F67D@xmb-aln-x12.cisco.com>
In-Reply-To: <522D8E6A.6080606@joelhalpern.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.6.130613
x-originating-ip: [64.103.106.107]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <F0738F4583D0F1489ECAC0CB89986908@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Noel Chiappa <jnc@mercury.lcs.mit.edu>, "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] Fwd: decentralization of Internet (was Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2013 10:28:54 -0000

Even in the case where the ITR is on the CPE we might be able to do better.

For IPv6 RLOCs, we could use temporary IPv6 addresses (IPv6 privacy
extension, rfc4941 I think) as the RLOCs in outgoing packets. That way,
you couldn't discover the EID by doing a "reverse lookup" on the RLOC in
the mapping system.

This would be especially useful if the IPv6 prefix on your uplink is used
on a multipoint link, if it's just used on a point-to-point link it's a
bit pointless :)

Best regards,

Michiel

On 09/09/2013 10:01, "Joel M. Halpern" <jmh@joelhalpern.com> wrote:

>Doesn't this depend upon where the ITR is?
>If, as is usually proposed, the ITR is a piece of CPE, then it will hide
>the content of my message (good), and my individual EID (okay), but it
>won't hide which site is sending the packet, which is an awful lot of
>information.
>
>Also, moving the ITR to the PE router merely means that all the
>information is collectible at that point.  And we have observable data
>that collectible => will be collected.
>
>Yours,
>Joel
>
>On 9/8/13 10:15 PM, Dino Farinacci wrote:
>>> Hello Noel,
>>>
>>>> Err, that would get the address and name of the ITR, not the actual
>>>>source
>>>> host.
>>>
>>> this thread started with a subject of how to save the Internet from the
>>> all-powerful agencies. Lisp was not invented to hide your identity,
>>> it's only separating it from the location - this doesn't mean the
>>> location information cannot reveal your (real life) identity. At the
>>> end the agencies want your name, not your (inner) IP address.
>>
>> Marc, you may have not followed Noel's point. Let me explain with more
>>detail.
>>
>> (1) I sit at a LISP site, I have an EID assigned to me. I want to send
>>packet and don't want anyone in the core to know I am sending.
>>
>> (2) My EID comes out of an EID-prefix that is assigned to the site I
>>currently reside in. There are a pair of ITRs that encapsulate traffic
>>for packets I source.
>>
>> (3) When I source packets, my EID is known by routers inside of the
>>site, but when the packet hits the ITR, the ITR will encrypt the entire
>>packet it is about to encapsulate. So the outer IP header, the UDP
>>header, and the LISP header is sent in the clear. Everything after the
>>LISP header is encrypted.
>>
>> (4) I propose that the ITR use a public-key stored in the mapping
>>database. It does not need to be protected during transport. The only
>>parties that have the private-key the ETRs at the destination site (and
>>you can h a public/private pair per ETR).
>>
>> (5) Men in the middle cannot decrypt the encapsulated packet because
>>they don't have the private key and it is never transmitted on the
>>network. All they know is that a packet came from some site that is
>>connected to ISP foobar. So what, that is coarse information.
>>
>> (6) The key is obtained by the ITR the same time it is getting the RLOC
>>address for encapsulation. Both come together and if the EID or *key*
>>changes, we treat it as a mobility event where a new registration is
>>sent to the mapping database to advertise a new RLOC address and/or a
>>new key.
>>
>> This is pretty simple. Yes it is slow. But so what. We can throw
>>hardware technology at it or we can have th math guys come up with as
>>good but less expensive algorithms.
>>
>>> If the xTR is close to you, e.g. your DSL router runs the xTR, then the
>>> locator is effectively a 1:1 mapping to your identity. If the xTR is
>>> your office branch router, well, then we have already  (a) a router to
>>> try to break in  and (b) a physical office location to look for you.
>>
>> It's not all that simple. EIDs can roam around. So if the RLOC at my
>>house is encapsulating packets because you came over for dinner, it
>>isn't me that is sourcing. I might be blamed for your wrong-doing, but
>>all I would say is "I only live there".   ;-)
>>
>> Dino
>>
>>> And if the xTR is further away from your Internet connection point then
>>> chances are you can get wire-tapped on your way to/from the xTR, i.e.
>>> Lisp would not help you at all.
>>>
>>> That's all I wanted to say with my statement about "static setups".
>>>
>>>
>>> Complete different story is if Lisp could make encryption e.g. between
>>> company office sites much easier, more scalable etc.. Independent from
>>> the original subject that would be a real benefit.
>>>
>>>
>>> Regards, Marc
>>>
>>>
>>>>
>>>> Depending on all sorts of factors, that plus the encrypted packet
>>>> _might_ get
>>>> them the identity of the actual originator (not, for example, if the
>>>>ITR has
>>>> discarded the key used to encrypt the packet by the time the subpoena
>>>> arrives...)
>>>>
>>>> 	Noel
>>>> _______________________________________________
>>>> lisp mailing list
>>>> lisp@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/lisp
>>>>
>>> _______________________________________________
>>> lisp mailing list
>>> lisp@ietf.org
>>> https://www.ietf.org/mailman/listinfo/lisp
>>
>> _______________________________________________
>> lisp mailing list
>> lisp@ietf.org
>> https://www.ietf.org/mailman/listinfo/lisp
>>
>_______________________________________________
>lisp mailing list
>lisp@ietf.org
>https://www.ietf.org/mailman/listinfo/lisp

v2.23.0 | Report a Bug | By Email