Re: [Pidloc] PIdLoc Webex
Tom Herbert <tom@quantonium.net> Wed, 05 December 2018 21:33 UTC
From: Tom Herbert <tom@quantonium.net>
Date: Wed, 05 Dec 2018 13:33:14 -0800
Message-ID: <CAPDqMeoUPaCiAF_7FeiBko0g=ofH6UcCtMAFn+1yLrPWJQfGWw@mail.gmail.com>
To: Dino Farinacci <farinacci@gmail.com>
Cc: Dirk.von-Hugo@telekom.de, rja.lists@gmail.com, saleem@st-andrews.ac.uk, Shunsuke Homma <homma.shunsuke@lab.ntt.co.jp>, Behcet Sarikaya <sarikaya@ieee.org>, Luigi Iannone <ggx@gigix.net>, erik@zededa.com, pidloc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/pidloc/IAJLj-sno-uGajAIhP3pHl2Q9eE>
On Tue, Dec 4, 2018 at 8:53 AM Dino Farinacci <farinacci@gmail.com> wrote:
>
> > Questioned explicitly by Dirk, Luigi pointed out that LISP so far has not dealt with the privacy problem but secured content by encryption and protected mapping requests from attacks
>
> This is a broad statement. Can someone be more specific.
>
> If DTLS is used for LISP protocol messages and LISP-crypto is used for encapsulation then both the LISP control-plane and data-plane support privacy. Note that if you don't use DTLS, one can send control-plane messages over LISP-crypto. So the architecture can support privacy.

DTLS could be applied to any UDP tunneling protocol, but that's not really where the privacy problem lies. Presuming that as much of the packet is encrypted as possible, then the question becomes what can be inferred from the non-encrypted portions of the packet to breach someone's privacy. The obvious data that could be exploited are the IP addresses in a packet. There are at least two possible exploits:

1) Addresses allow correlations between two different flows that they are originated by the same user.
2) Geo-location of a user can be deduced from observed addresses.

The actual identity of a user isn't immediately available in addresses, but there's a fairly simple method to deduce identity using #1.

Tom

> Dino
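Tom's two points, as an added example that is not part of the original thread and is not LISP or LISP-crypto code: a constructed trace of encapsulated packets whose payloads are already ciphertext, showing that the cleartext outer addresses alone let an on-path observer link flows (point #1), that a fresh source address per flow removes address-level linkability, and that the shared routing prefix still carries the location signal of point #2. All addresses, flow ids and payload bytes are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed traces as an on-path observer sees them:
# (outer src address, outer dst address, flow id, encrypted payload).
# The payload is opaque ciphertext, so only the addresses carry information.
STABLE_TRACE = [
    ("2001:db8:1::a", "2001:db8:9::1", 1, b"\x8f\x12\x44"),
    ("2001:db8:1::a", "2001:db8:9::1", 1, b"\x3c\xa0\x07"),
    ("2001:db8:1::a", "2001:db8:7::5", 2, b"\x91\x5e\xd2"),
    ("2001:db8:1::a", "2001:db8:3::9", 3, b"\x00\xfe\x61"),
    ("2001:db8:2::b", "2001:db8:9::1", 4, b"\x77\x13\x0b"),  # a different user
]

# Same sender and destinations, but a fresh source address per flow,
# all drawn from the sender's 2001:db8:1::/48 routing prefix.
ROTATING_TRACE = [
    ("2001:db8:1:1::a1", "2001:db8:9::1", 1, b"\x8f\x12\x44"),
    ("2001:db8:1:1::a1", "2001:db8:9::1", 1, b"\x3c\xa0\x07"),
    ("2001:db8:1:2::b7", "2001:db8:7::5", 2, b"\x91\x5e\xd2"),
    ("2001:db8:1:3::c4", "2001:db8:3::9", 3, b"\x00\xfe\x61"),
    ("2001:db8:2::b", "2001:db8:9::1", 4, b"\x77\x13\x0b"),
]


def flows_by_exposed_source(trace, prefix_bits=128):
    """Group distinct flows by the cleartext source address, truncated to
    prefix_bits (128 = exact address; 48 = the routing prefix a geo-location
    database would key on). The ciphertext is deliberately never inspected."""
    groups = defaultdict(set)
    for src, _dst, flow_id, _ciphertext in trace:
        key = str(ipaddress.ip_network(f"{src}/{prefix_bits}", strict=False))
        groups[key].add(flow_id)
    return {key: frozenset(flows) for key, flows in groups.items()}


def linkable_flow_sets(trace, prefix_bits=128):
    """Sets of flows an observer can attribute to one sender (groups of size > 1)."""
    return [f for f in flows_by_exposed_source(trace, prefix_bits).values() if len(f) > 1]


def linkability_ratio(trace, prefix_bits=128):
    """Fraction of flows linkable to at least one other flow at this granularity."""
    all_flows = {flow_id for _, _, flow_id, _ in trace}
    linked = set().union(*linkable_flow_sets(trace, prefix_bits))
    return len(linked) / len(all_flows)


if __name__ == "__main__":
    for name, trace in (("stable", STABLE_TRACE), ("rotating", ROTATING_TRACE)):
        print(name, "address-level:", linkability_ratio(trace),
              "prefix-level:", linkability_ratio(trace, 48))
```

With the stable address three of four flows are linkable; rotating the host bits drops that to zero at address granularity but leaves the same three flows linkable, and locatable, at the /48 prefix level.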