Re: [pcp] Do we need to provide the confidentiality protection for PCP?
Dave Thaler <dthaler@microsoft.com> Tue, 04 March 2014 10:25 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A04EE1A052E for <pcp@ietfa.amsl.com>; Tue, 4 Mar 2014 02:25:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.602
X-Spam-Level:
X-Spam-Status: No, score=-102.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id StsukR0M9hc2 for <pcp@ietfa.amsl.com>; Tue, 4 Mar 2014 02:25:13 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0209.outbound.protection.outlook.com [207.46.163.209]) by ietfa.amsl.com (Postfix) with ESMTP id 762E51A04E8 for <pcp@ietf.org>; Tue, 4 Mar 2014 02:25:12 -0800 (PST)
Received: from BY2PR03MB412.namprd03.prod.outlook.com (10.141.141.25) by BY2PR03MB597.namprd03.prod.outlook.com (10.255.93.37) with Microsoft SMTP Server (TLS) id 15.0.888.9; Tue, 4 Mar 2014 10:25:01 +0000
Received: from BY2PR03MB412.namprd03.prod.outlook.com ([10.141.141.25]) by BY2PR03MB412.namprd03.prod.outlook.com ([10.141.141.25]) with mapi id 15.00.0888.003; Tue, 4 Mar 2014 10:25:01 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: Ted Lemon <ted.lemon@nominum.com>, "Zhangdacheng (Dacheng)" <zhangdacheng@huawei.com>
Thread-Topic: [pcp] Do we need to provide the confidentiality protection for PCP?
Thread-Index: AQHPNlO03LGY8NjG80mFXSzlWJI8hZrOQBMAgAJ6RlA=
Date: Tue, 04 Mar 2014 10:25:00 +0000
Message-ID: <db15174540304d738babd7277234fdcb@BY2PR03MB412.namprd03.prod.outlook.com>
References: <C72CBD9FE3CA604887B1B3F1D145D05E7BC360D3@nkgeml507-mbs.china.huawei.com> <92D67844-CD31-4D1B-BDE7-DC3350A1C1E6@nominum.com>
In-Reply-To: <92D67844-CD31-4D1B-BDE7-DC3350A1C1E6@nominum.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:67c:370:160:ad6f:1d4f:d76e:21d2]
x-forefront-prvs: 01401330D1
x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(6009001)(428001)(13464003)(52314003)(57704003)(51704005)(24454002)(199002)(189002)(377454003)(93136001)(76576001)(74662001)(87266001)(76786001)(81816001)(15975445006)(87936001)(33646001)(74876001)(31966008)(54316002)(92566001)(51856001)(93516002)(83322001)(86362001)(19580395003)(53806001)(19580405001)(76482001)(56776001)(74502001)(76796001)(94316002)(85852003)(90146001)(74706001)(56816005)(80976001)(2656002)(74316001)(85306002)(49866001)(95666003)(80022001)(65816001)(81342001)(4396001)(46102001)(47736001)(47976001)(81686001)(59766001)(50986001)(74366001)(77982001)(79102001)(95416001)(86612001)(54356001)(63696002)(83072002)(69226001)(81542001)(24736002); DIR:OUT; SFP:1101; SCL:1; SRVR:BY2PR03MB597; H:BY2PR03MB412.namprd03.prod.outlook.com; CLIP:2001:67c:370:160:ad6f:1d4f:d76e:21d2; FPR:BEC8C1FF.AFCE97D2.7DF2B16F.5EE5D1C0.2035F; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (: microsoft.com does not designate permitted sender hosts)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/pcp/jcBLB5ERyqTYhe6LHKHVTh7z3vk
Cc: "pcp@ietf.org" <pcp@ietf.org>
Subject: Re: [pcp] Do we need to provide the confidentiality protection for PCP?
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp/>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Mar 2014 10:25:15 -0000
My comment to Dacheng was that for most things, it's probably not important because the 5-tuple is already visible in the packets of the actual communication. The only possible exception that came to mind was the PCP DESCRIPTION option. The security considerations section of that document (currently in the RFC editor queue) already says this: > If the PCP client and the PCP server are not under the same > administrative entity, the DESCRIPTION option has the potential to > leak privacy-related information. PCP clients should not use > DESCRIPTION option for such leakage. For example, the option should > not be used to include user identifiers, locations, or names. Refer > to Section 3.2 of [RFC6462] for a discussion on information leakage. -Dave > -----Original Message----- > From: pcp [mailto:pcp-bounces@ietf.org] On Behalf Of Ted Lemon > Sent: Sunday, March 2, 2014 8:31 PM > To: Zhangdacheng (Dacheng) > Cc: pcp@ietf.org > Subject: Re: [pcp] Do we need to provide the confidentiality protection for > PCP? > > On Mar 2, 2014, at 8:12 PM, Zhangdacheng (Dacheng) > <zhangdacheng@huawei.com> wrote: > > Thoughts? > > I think it would be the same argument you'd make for DHCP, since the scope > of transit is sort of similar, and the ad-hoc nature of the protocols are quite > similar: you can't count on a pre-shared key. There are certainly arguments > to be made in favor of it, but the question is, can you realistically do it? > > I think it's not the highest priority, because a lot of the things we'd be > concerned about don't matter within the expected scope. pcp packets > typically won't wind up hitting remote servers, and won't be correlatable. > Information in the packets is available on the local link anyway, although > perhaps more work to collect. > > But it's definitely worth thinking about. You might want to ask on the > perpass mailing list for someone who is knowledgable enough to talk it > through with you. > > _______________________________________________ > pcp mailing list > pcp@ietf.org > https://www.ietf.org/mailman/listinfo/pcp
- [pcp] Do we need to provide the confidentiality p… Zhangdacheng (Dacheng)
- Re: [pcp] Do we need to provide the confidentiali… Ted Lemon
- Re: [pcp] Do we need to provide the confidentiali… Dave Thaler