Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?

Stewart Bryant <stewart.bryant@gmail.com> Wed, 04 January 2023 13:54 UTC

From: Stewart Bryant <stewart.bryant@gmail.com>
In-Reply-To: <CAKr6gn0tFXEV-h7LH1_Ts5iQRw_mGEi=TqS7hsyK-SqDFmmY-A@mail.gmail.com>
Date: Wed, 04 Jan 2023 13:54:04 +0000
Cc: Stewart Bryant <stewart.bryant@gmail.com>, Lloyd W <lloyd.wood=40yahoo.co.uk@dmarc.ietf.org>, Antoine FRESSANCOURT <antoine.fressancourt=40huawei.com@dmarc.ietf.org>, IETF Discussion Mailing List <ietf@ietf.org>, pearg@irtf.org, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, saag <saag@ietf.org>, Dino Farinacci <farinacci@gmail.com>, hrpc@irtf.org
Message-Id: <C09B3D18-2871-491F-B76C-630A2DCA439A@gmail.com>
References: <3c3230f3783b4ec9a8a9e3bb87cc2a8d@huawei.com> <08C49067-DB4C-41AB-A6F3-B96BDBE0A4BC@yahoo.co.uk> <CAKr6gn0tFXEV-h7LH1_Ts5iQRw_mGEi=TqS7hsyK-SqDFmmY-A@mail.gmail.com>
To: George Michaelson <ggm@algebras.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/aIe818TjQ4-FZ7T8K9hpWYghZS4>
Subject: Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>


> On 4 Jan 2023, at 09:35, George Michaelson <ggm@algebras.org> wrote:
> 
> Put a nonce source ip in the packet header and the real source as 4-16 bytes of PFS protected payload. 

Indeed we know that there is no need for an SA other than to support the most primitive types of communication or the most primitive types of detection of errors or spoofed packets. Though a spoofed SA may fall foul of the latter and cause the packet to be dropped. MPLS works fine without SAs.

> 
> Use asymmetric routing. A single point of capture which isn't close to source or destination is occluded. 

Just to note that some protocols would like path symmetry for round trip delay equalisation. NTP is a good example. However, this is more a wish than a promise, as ECMP is not symmetric.

Indeed, picking up on the earlier note about encrypted source routing, back in the very early days of MPLS SR we speculated about obscuring the labels so as to introduce a primitive form of end to end path control with limited visibility and limited ability of nefarious nodes to send over premium paths.

Stewart


> 
> Can't fix a warrant tap, but can at least obfuscate for on-path.
> 
> G