Re: [Pidloc] PIdLoc Webex

Tom Herbert <tom@quantonium.net> Wed, 05 December 2018 21:33 UTC

References: <FRAPR01MB0801A22EEC0D55414EFFEC2ED1D00@FRAPR01MB0801.DEUPRD01.PROD.OUTLOOK.DE> <FRAPR01MB0801CDFD28647B7A02D700D2D1D00@FRAPR01MB0801.DEUPRD01.PROD.OUTLOOK.DE> <FRAPR01MB0801A452C8111F16940D4D65D1D10@FRAPR01MB0801.DEUPRD01.PROD.OUTLOOK.DE> <FRAPR01MB080121A9C90A6F78BBD7E4B7D1AF0@FRAPR01MB0801.DEUPRD01.PROD.OUTLOOK.DE> <95C0EB99-9A1F-4650-B764-2CC923B879A2@gmail.com>
In-Reply-To: <95C0EB99-9A1F-4650-B764-2CC923B879A2@gmail.com>
From: Tom Herbert <tom@quantonium.net>
Date: Wed, 05 Dec 2018 13:33:14 -0800
Message-ID: <CAPDqMeoUPaCiAF_7FeiBko0g=ofH6UcCtMAFn+1yLrPWJQfGWw@mail.gmail.com>
To: Dino Farinacci <farinacci@gmail.com>
Cc: Dirk.von-Hugo@telekom.de, rja.lists@gmail.com, saleem@st-andrews.ac.uk, Shunsuke Homma <homma.shunsuke@lab.ntt.co.jp>, Behcet Sarikaya <sarikaya@ieee.org>, Luigi Iannone <ggx@gigix.net>, erik@zededa.com, pidloc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/pidloc/IAJLj-sno-uGajAIhP3pHl2Q9eE>
Subject: Re: [Pidloc] PIdLoc Webex

On Tue, Dec 4, 2018 at 8:53 AM Dino Farinacci <farinacci@gmail.com> wrote:
>
> > Questioned explicitly by Dirk, Luigi pointed out that LISP so far has not dealt with the privacy problem but has secured content by encryption and protected mapping requests from attacks
>
> This is a broad statement. Can someone be more specific.
>
> If DTLS is used for LISP protocol messages and LISP-crypto is used for encapsulation, then both the LISP control-plane and data-plane support privacy. Note that if you don't use DTLS, one can send control-plane messages over LISP-crypto. So the architecture can support privacy.

DTLS could be applied to any UDP tunneling protocol, but that's not
really where the privacy problem lies. Presuming that as much of the
packet is encrypted as possible, the question becomes what can be
inferred from the non-encrypted portions of the packet to breach
someone's privacy. The obvious data that could be exploited are the IP
addresses in a packet. There are at least two possible exploits:
1) addresses allow two different flows to be correlated as having
originated from the same user; 2) the geo-location of a user can be
deduced from observed addresses. The actual identity of a user isn't
immediately available in addresses, but there's a fairly simple method
to deduce identity using #1.

Tom

>
> Dino
>
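The two inferences Tom describes can be shown on nothing but outer-header metadata. The following is an added example, not code from the PIdLoc thread or from any LISP implementation: an on-path observer's view of tunnel flows whose payloads are opaque, a constructed "which destinations identify a user" table (the pivot behind the "fairly simple method" for #1), and a constructed prefix-to-location table standing in for a geo-IP feed. All addresses, hosts, and records are made up for the example.

```python
"""Metadata-only privacy inference over encrypted tunnel traffic.

Added example (not from the PIdLoc thread). Payload and inner headers are
assumed encrypted; only the outer IP addresses, ports, sizes and timestamps
are visible to the observer. All data below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    ts: int       # seconds since start of capture
    src: str      # outer (visible) source address
    dst: str      # outer (visible) destination address
    dport: int
    nbytes: int   # ciphertext length only; contents are opaque


# Constructed observer's view of the wire: outer headers only.
FLOWS = [
    Flow(100, "198.51.100.23", "203.0.113.10", 443, 5400),    # personal mailbox host
    Flow(160, "198.51.100.23", "203.0.113.77", 443, 120000),  # sensitive site
    Flow(170, "198.51.100.23", "203.0.113.88", 443, 3000),    # generic CDN
    Flow(300, "198.51.100.99", "203.0.113.77", 443, 9000),    # other user, same sensitive site
    Flow(420, "192.0.2.5",     "203.0.113.10", 443, 2200),    # other user, mailbox only
]

# Constructed side knowledge (hypothetical): destinations that, when contacted,
# effectively name the user (a single-account mail host) or are sensitive.
IDENTIFYING_DST = {"203.0.113.10": "mail.example (single-user mailbox host)"}
SENSITIVE_DST = {"203.0.113.77": "clinic.example"}

# Constructed prefix -> location table, standing in for a commercial geo feed.
GEO_TABLE = [
    (ip_network("198.51.100.0/24"), "Springfield, region A (residential pool)"),
    (ip_network("192.0.2.0/24"), "Shelbyville, region B"),
]


def correlate_by_address(flows, window=3600):
    """Exploit #1: flows sharing an outer source address within `window`
    seconds are attributed to one user. Returns {src: [flows]}."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    groups = {}
    for src, fs in by_src.items():
        fs.sort(key=lambda f: f.ts)
        if fs[-1].ts - fs[0].ts <= window:
            groups[src] = fs
    return groups


def link_identity(groups):
    """The pivot from #1 to identity: if any flow in a user's group reaches an
    identifying destination, every other flow in the group (including the
    sensitive one) is now tied to that identity despite encryption.
    Returns {src: (identity_hint, [sensitive destinations])}."""
    findings = {}
    for src, fs in groups.items():
        ident = next((IDENTIFYING_DST[f.dst] for f in fs if f.dst in IDENTIFYING_DST), None)
        sens = [SENSITIVE_DST[f.dst] for f in fs if f.dst in SENSITIVE_DST]
        if ident and sens:
            findings[src] = (ident, sens)
    return findings


def geolocate(addr):
    """Exploit #2: longest-prefix match of a visible address against the
    constructed geo table; None if no prefix covers it."""
    ip = ip_address(addr)
    best = None
    for net, place in GEO_TABLE:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, place)
    return best[1] if best else None


if __name__ == "__main__":
    groups = correlate_by_address(FLOWS)
    for src, (ident, sens) in link_identity(groups).items():
        print(f"{src}: identified via {ident}; visited {sens}; located at {geolocate(src)}")
```

Note what the example does and does not show: the observer never decrypts anything. The user at 198.51.100.23 is exposed only because one address is reused across flows, one of those flows reaches a destination that names them, and the address falls in a prefix the geo table maps to a place. The other two sources are not fully exposed because each is missing one of those three ingredients, which is exactly why a design that stops the address from being shared across flows (or from carrying stable location information) changes the outcome.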