Re: [Pidloc] draft-nordmark-id-loc-privacy

<Dirk.von-Hugo@telekom.de> Mon, 08 October 2018 15:02 UTC

From: Dirk.von-Hugo@telekom.de
To: sarikaya@ieee.org, tom@quantonium.net
CC: pidloc@ietf.org
Date: Mon, 08 Oct 2018 15:01:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/pidloc/GgRpilXZ4bysV0IiGBaZWO6xTt0>

See below …
Thanks and BR, Dirk
On Fri, Oct 5, 2018 at 9:54 AM Tom Herbert <tom@quantonium.net> wrote:
On Fri, Oct 5, 2018 at 7:24 AM, Behcet Sarikaya <sarikaya2012@gmail.com> wrote:
>
>
> On Thu, Oct 4, 2018 at 1:15 PM Tom Herbert <tom@quantonium.net> wrote:
>>
>> On Thu, Oct 4, 2018 at 8:02 AM, Behcet Sarikaya <sarikaya2012@gmail.com> wrote:
>> > Hi Luigi, Dirk, all,
>> >
>> > So far we have a number of reviews on Erik's draft indicating some
>> > editorial issues and asking for clarification of some parts. All that
>> > is good.
>> >
>> > What I suggest is that we should also look into what he is saying in
>> > that draft, what is he suggesting as the future work to do?
>> >
>> > Here I am going to summarize what I could find out:
>> >
>> > - We should concentrate on long-lived identifiers;
>> >
>> > - Worry not much on designing a privacy based unified mapping system
>> > which we had concentrated in our previous activity. This is because only
>> > trusted devices can access the mappings in an operator network
>> >
>> > - Instead worry about minimizing the privacy implication one can explore
>> > limiting to which peers and when the ID/ locator binding are exposed.
>> >
>> > The cases where ID/locator bindings are exposed (especially any mobile
>> > devices)
>> > - Family and friends for example where parents are sharing young
>> > children location
>>
>> I don't believe this case is relevant. There's already applications
>> that I can use to track my kids (like Life360). These use the GPS in
>> mobile devices and secure connections to transmit location information;
>> it's far more accurate and secure than trying to derive location
>> information from a few bits in an IP address.
>
>
> Yes, this has already  been alluded to in the draft:
>
> Today such location sharing happens at an application layer using GPS
>    coordinates.
>
>
>> I think it's a hard
>> requirement that Identifiers (IP addresses in general) must not expose
>> geo location or mobile devices, and it follows that identifier/locator
>> bindings should never be shared outside a network except LEA orders.
>>
>
> Here is the rest of the above paragraph I quoted from Erik's draft:
>
> But while such sharing is in effect, it wouldn't be
>    unreasonable to also consider sharing IP locators to make it more
>    efficient or more robust to e.g., route a video feed from one device
>    to another.
>
>
> What do you think?

Sure, it could be considered, but the benefits of exposing a third
party to identifier/locator mappings would have to be weighed against
the cost. The potential cost is weakened user privacy and security.
Locators will convey geo location in a mobile network, so if someone
knows identifier to locator mapping, then they know location of node
with that identifier. But more than that, knowledge of
identifier/locator mappings allows correlations to be made between
identifiers. For instance, if a device is using some number of
untrackable and uncorrelatable identifiers for privacy, knowledge of
identifier to locator mappings allows correlations to be made and the
identifiers that belong to the device can be deduced and the users can
be tracked.

Absolutely.

One reason why I posted this mail was to encourage the discussion of solution approaches in different
IdLoc protocols.
How could we treat each of the cases of Family and Friends, Industrial IoT, etc. in ILA, ILNP, and LISP?
What about the three points in Section 6?

Behcet

DH> I think we have to differentiate here between the IP Locator mentioned above and geolocation. While the first, used for end point routing, may be statically correlated to a trackable geographic position and thus allow for privacy related tracking, there should be measures to obfuscate this mapping to the outside world as the one between name or Identity to current location.
As such measures could serve the choices how to handle ID/locator mapping mentioned by Erik in sect. 6:
- still using an ID/locator system but pointing a locator for some fixed anchor point,
- injecting routing prefixes for the ID prefixes into the normal routing system
- not providing any stable locators across the boundary between Id/Loc domain and rest of world …

I have no preference for the time being
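
Added example (not part of the message above or of the draft): a small model of the correlation risk raised in the thread, and of the first Section 6 option (exposing only a fixed anchor-point locator). The identifier names, locator names and observation records are constructed for illustration.

```python
from collections import defaultdict

# Constructed observations (time, identifier, locator) as seen by a party
# with access to identifier/locator mappings. In this sample, id-a1 and
# id-a2 are two privacy identifiers of one device; id-b1 is another device.
OBSERVED = [
    (0, "id-a1", "loc-cell-1"), (0, "id-a2", "loc-cell-1"), (0, "id-b1", "loc-cell-1"),
    (1, "id-a1", "loc-cell-2"), (1, "id-a2", "loc-cell-2"), (1, "id-b1", "loc-cell-1"),
    (2, "id-a1", "loc-cell-3"), (2, "id-a2", "loc-cell-3"), (2, "id-b1", "loc-cell-4"),
]

def locator_groups(mappings):
    """Group identifiers whose locator history is identical at every time step.

    A small group that moves together is what lets otherwise uncorrelatable
    identifiers be attributed to one device.
    """
    history = defaultdict(dict)
    for t, ident, loc in mappings:
        history[ident][t] = loc
    groups = defaultdict(list)
    for ident, seen in history.items():
        groups[tuple(sorted(seen.items()))].append(ident)
    return sorted(sorted(g) for g in groups.values())

def distinct_locators(mappings):
    """Number of different locators exposed per identifier (movement trace)."""
    seen = defaultdict(set)
    for _, ident, loc in mappings:
        seen[ident].add(loc)
    return {ident: len(locs) for ident, locs in seen.items()}

def behind_anchor(mappings, anchor="loc-anchor"):
    """Model of the anchor-point option: outside the Id/Loc domain every
    identifier resolves to the same fixed locator (name is hypothetical)."""
    return [(t, ident, anchor) for t, ident, _ in mappings]

if __name__ == "__main__":
    print("raw mappings     :", locator_groups(OBSERVED), distinct_locators(OBSERVED))
    hidden = behind_anchor(OBSERVED)
    print("anchor-point view:", locator_groups(hidden), distinct_locators(hidden))
```

With the raw mappings, id-a1 and id-a2 form their own group and each exposes three locators; behind the anchor all three identifiers fall into one group with a single locator, so neither the grouping nor the movement is visible from outside.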