Re: [Pidloc] PIdLoc Webex

Tom Herbert <tom@quantonium.net> Fri, 07 December 2018 18:57 UTC

From: Tom Herbert <tom@quantonium.net>
Date: Fri, 07 Dec 2018 10:57:24 -0800
Message-ID: <CAPDqMepM0PmuHgXxqGP41kBCRXHfO7iDD_QkvzMiFPD9wyEHLQ@mail.gmail.com>
To: Dino Farinacci <farinacci@gmail.com>
Cc: Dirk.von-Hugo@telekom.de, RJ Atkinson <rja.lists@gmail.com>, Saleem Bhatti <saleem@st-andrews.ac.uk>, Shunsuke Homma <homma.shunsuke@lab.ntt.co.jp>, Behcet Sarikaya <sarikaya@ieee.org>, Luigi Iannone <ggx@gigix.net>, erik@zededa.com, pidloc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/pidloc/DckBQkrNSY2Qoq6b4qbQf05rH38>

On Fri, Dec 7, 2018 at 10:42 AM Dino Farinacci <farinacci@gmail.com> wrote:
>
>
> >> You are bringing up a different issue now. And we have discussed this at length before. But as long as you have an underlay and plaintext headers, you still lose privacy even when EIDs are obfuscated.
> >>
> > The underlay protocol is not relevant to privacy, it is only the
> > mechanism used in a closed provider's network to deliver packets to
>
> Yes it is for the reasons you have stated before. If I run LISP from my house and obfuscate on EIDs, any eavesdropper can look at the source RLOC to determine I'm a Comcast customer (and can find out the head-end and tail-end connections - my house). That is a violation of my privacy. They can't tell what transport connections I'm using and who I am talking to, but as long as the outer header is plaintext and "hidden aggregated", it is a granular privacy invasion. If the LISP xTR was in Comcast, then it looks like some obfuscated EIDs are sending from Comcast. That doesn't violate my personal privacy.
>
> > their destination. Outside of the network, only plain IP packets are
> > seen. It is the privacy attributes of the packets visible to the world
> > that are interesting.
>
> That is what I’m talking about.
>
Yes, the network should assign ephemeral addresses. Scaling this so
that hosts can use a different address per connection is the problem
that ensues.

> Dino
>