IETF Logo Mail Archive

Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?

Christian Huitema <huitema@huitema.net> Wed, 04 January 2023 19:53 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC141C14F72A for <pearg@ietfa.amsl.com>; Wed, 4 Jan 2023 11:53:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.897
X-Spam-Level:
X-Spam-Status: No, score=-6.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LBrJShwSPMHo for <pearg@ietfa.amsl.com>; Wed, 4 Jan 2023 11:53:54 -0800 (PST)
Received: from mx36-out21.antispamcloud.com (mx36-out21.antispamcloud.com [209.126.121.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D61CAC1522AA for <pearg@irtf.org>; Wed, 4 Jan 2023 11:53:53 -0800 (PST)
Received: from xse266.mail2web.com ([66.113.197.12] helo=xse.mail2web.com) by mx256.antispamcloud.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1pD9pc-000I24-RZ for pearg@irtf.org; Wed, 04 Jan 2023 20:53:52 +0100
Received: from xsmtp22.mail2web.com (unknown [10.100.68.61]) by xse.mail2web.com (Postfix) with ESMTPS id 4NnKzb2WhGzBhh for <pearg@irtf.org>; Wed, 4 Jan 2023 11:53:47 -0800 (PST)
Received: from [10.5.2.13] (helo=xmail03.myhosting.com) by xsmtp22.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1pD9pb-0006D3-4W for pearg@irtf.org; Wed, 04 Jan 2023 11:53:47 -0800
Received: (qmail 14688 invoked from network); 4 Jan 2023 19:53:46 -0000
Received: from unknown (HELO [192.168.1.104]) (Authenticated-user:_huitema@huitema.net@[172.58.43.64]) (envelope-sender <huitema@huitema.net>) by xmail03.myhosting.com (qmail-ldap-1.03) with ESMTPA for <lear@lear.ch>; 4 Jan 2023 19:53:46 -0000
Message-ID: <b80abf6b-23fe-2fa8-a435-08d78be0de23@huitema.net>
Date: Wed, 04 Jan 2023 11:53:46 -0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1
Content-Language: en-US
To: Eliot Lear <lear@lear.ch>, Stewart Bryant <stewart.bryant@gmail.com>, Dino Farinacci <farinacci@gmail.com>
Cc: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, pearg@irtf.org
References: <9C9FAB23-D95D-4BB6-820C-95DA8018451B@gmail.com> <9E792EAB-29DF-4A7F-8F6B-BD5BF8041167@gmail.com> <bf81f001-3de1-0c05-bbbb-eda13adb4ddf@lear.ch>
From: Christian Huitema <huitema@huitema.net>
In-Reply-To: <bf81f001-3de1-0c05-bbbb-eda13adb4ddf@lear.ch>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Originating-IP: 66.113.197.12
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.197.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.197.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.14)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT+uxc+ANlfTFeZKFz1YNTIsPUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5yiJCcjRq2hqrD2/ptWXAoffYzfQXcfqmra3dmoHS4ygqKW RcIMrJVVHm+0uCmHL7NWuRWrkPihq53YqAd1ENNqBHtNXu1E6L4+KyOXc4QYanQOD0r6/AaHZiEt dTMtMlia0Lmg/jgHfCNZd+W+PXf6XUk6RrSmTpxXJFCgE5YUPyue9TLOhN8AYRsvkjfngQC9MbDP yUBukWuaYaUwIAw1zDkBvlIN1pUDU5DU5DggD98cjIN3reG9z0FKKQ5m2Qpw7sOVVcM1Xk+Tdz6g /UMvfWqyN3veeFIMJz/vumcqAwMU9kjfE7EFo+kP5riIEUmxU01QhuxnshSbl6nxbLZ35/xY0uvo WBEOfzq3RG28wI7w4vcwqZanLHsZM8r4s5ZjlHoGly8aneNxj+pRyx6DFxVLaXQjMXzVZeSmCuLu +pFVgpT1b21uZVckGp0ccOZtuBWXiK6eoWgQZnNLL6SbpUc7peFeo3eDQNYbhOKhzzgqmaDn5SlD Y9mmtv6e91aWBLor1oCWetcUjeG94V2Xd0VuMyXLz+8t1Zxi7l9hE6TeVLW3pB0Q/PTyowo5Afvo hdtWOYupSI9T6Owf+UlSCFXoGKtafvOtcW/mP16byrL/nwvREHuP3/Ps3A4Pt7hRyBl07OVp2D/S 9ogT8aIX6abOyKlLsxs8P4CT3FEuG9vP8dmBKngmpa1KLh/8OuiC1AI9a3irbifzymzQYX+PBmMH g2fCDNMp54PuDXKTJcfumkpXpYIv8v5FaNWYFXAM0rNJQGzebnTLunTUqZa6Nho+uS019JPSaB1F srX7BDcKVNeVJ9BXyu9+ceCqThTYg2px1fSoqxQCCHnLMo/m9VKh99btUAanjnMCAH2co+fBoeG+ Hs0afhsY/5zhNYWRVYKU9W9tbmVXJBqdHHDmZEKhyNAv1N35kYWaEdgLurFV5oTvAcwA4rM3FkfW 8/1kE/e7sUnsVpINvARNxpFO
X-Report-Abuse-To: spam@quarantine14.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/Ii-L3E_8kDw29HPuRORXcJueux4>
Subject: Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jan 2023 19:53:57 -0000

The problem is that the IP address is linked to the server and user 
identity. Tracking the source and destination pair allows on path 
entities to check which user contacts what server. It also allows 
servers to check the identity of their client and their location. 
Servers may have other ways to check identity such as cookies or client 
login, but the client IP address provides location information on top of 
that.

The classic answer is to "use a VPN". This will hide the actual client 
location from the server. It will also hide the destination address from 
on path agents near the client. But of course the information is fully 
visible at the VPN, which makes the VPN a "point of interest" for 
various monitoring efforts.

The better answer is to "use two VPNs". The first VPN will know the 
client address, but will not know the server address -- it will only see 
the IP address of the second VPN. The second VPN will see the server 
address, but it will not see the client address -- it will only see the 
first VPN address. Monitoring efforts will require the cooperation of 
both VPNs, which can be significantly harder.

In essence, this is what efforts like "oblivious DNS" or "oblivious 
HTTP" do: use two relays to hide the actual DNS target or HTTP service 
from the the first relay and to hide the client IP address from the 
second relay. This is also pretty much what Tor does, except that Tor 
uses three relays, not two, to make collusion between relays even less 
likely.

The big issue behind that are of course performance and economics. Using 
such relays degrades performance somewhat, if only because of double or 
triple encryption: will the users accept that reduced performance? And 
then, operating relays has a cost. Who will pay for that? If the users 
do pay for that, how does the users pay without disclosing their 
identities to the relays, and thus enable monitoring? If the users do 
not pay, how can we sure of the intentions of whoever is paying for the 
relays?

-- Christian Huitema


On 1/4/2023 12:51 AM, Eliot Lear wrote:
> I'm reducing this down to pearg.  Blasting so many lists seems a bit much.
> 
> Someone somewhere needs a stable identifier, but whether that identifier 
> needs to be at L3 depends on the circumstances.  For well known 
> servers... well, they're well known, so hiding an L3 address buys you 
> what?  For less well known stuff, the mapping of an ephemeral L3 address 
> to a stable identifier may not require standardization at the L3 layer. 
> Having a rendezvous registration service of some form even at the 
> application layer may be sufficient.  What is necessary, as always, is 
> the means to communicate with the device behind NATs/firewalls, etc. The 
> authorization model for that may require a tell in order to avoid 
> trumboning.  That may or may not be necessary, depending on how 
> sensitive an application is to latency/jitter.
> 
> It could be that the OS signaling for changes to the mapping and the 
> means by which the mapping is communicated within applications *could* 
> be standardized.  That's akin to TURN and STUN, right?
> 
> Eliot
> 
> On 04.01.23 09:05, Stewart Bryant wrote:
>> For all end to end communications the routing system needs to know how 
>> to deliver the packet. Obscuring the mapping between the address and 
>> the location moves the anonymisation problem from the data plane to 
>> the routing plane. This makes life harder for the observer, but I am 
>> not sure that it makes it sufficiently hard as to be worth the cost. 
>> One advantage of the topological association of addresses is the 
>> intrinsic address aggregation property which both reduces routing 
>> traffic overhead and speeds up convergence.
>>
>> Stewart
>>
>> Sent from my iPad
>>
>>> On 3 Jan 2023, at 22:29, Dino Farinacci<farinacci@gmail.com>  wrote:
>>>
>>> EIDs are not topological. We have all known this for a very long 
>>> time. We can make them ephemeral as well, we can make them 
>>> cryptographic.
>>>
>>> Dino
>>>
>>>> On Jan 3, 2023, at 11:38 AM, Brian E 
>>>> Carpenter<brian.e.carpenter@gmail.com>  wrote:
>>>>
>>>>> On 03-Jan-23 23:27, John Mattsson wrote:
>>>>>
>>>>> IP addresses are still not only long-lived trackable identifiers, 
>>>>> but they also reveal your location.
>>>> IP addressing is intrinsically topological, so this is never going 
>>>> to change.
>>>>
>>>> (Temporary IPv6 addresses are not long-lived, but they remain 
>>>> topological.)
>>>>
>>>>   Brian
>>>>
>>>> _______________________________________________
>>>> saag mailing list
>>>> saag@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/saag
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
>>
>

v2.23.0 | Report a Bug | By Email