Re: [Pidloc] PIdLoc Webex

Behcet Sarikaya <sarikaya2012@gmail.com> Thu, 06 December 2018 15:26 UTC

Return-Path: <sarikaya2012@gmail.com>
X-Original-To: pidloc@ietfa.amsl.com
Delivered-To: pidloc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 707E6124BF6 for <pidloc@ietfa.amsl.com>; Thu, 6 Dec 2018 07:26:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vPvYlogdECJc for <pidloc@ietfa.amsl.com>; Thu, 6 Dec 2018 07:26:55 -0800 (PST)
Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 07BF8127598 for <pidloc@ietf.org>; Thu, 6 Dec 2018 07:26:55 -0800 (PST)
Received: by mail-wr1-x42a.google.com with SMTP id v13so892794wrw.5 for <pidloc@ietf.org>; Thu, 06 Dec 2018 07:26:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc; bh=gX4SsLjpLpt1c3ObKtWB7Lg0C+qbPBiZc1C46hYlvtU=; b=gaFsyKaqCNneq0ao6RGKWNoKiy4I4hYuSNdO6lzjQzDgt4xFmMu4tOWBhKsZspPHpf bS6nq+J7EI3XalGw/ERew/qLDRHYcDJHTEZU/JmosFQX3Ia9eRHuoCXcgpMeSPInBVCj 3x2Dc7UWA6CkVHcj/M33PiQHEsOV2oUKtGr3bW60ozwTwmLv+P8d4L/tD4/Mw22y5GU5 Z0Ch5EqXTNRQ1yp6o/KYX4g1kJp5t+f/h2ChHvHAdwFCTyrrBMFUCsEV3qmLVxDC+3KB NkgU26K5s/rMheOJlst9qy0AcdEO1UOLBjBPijfneH5AiIKI+pHmTB5QV3sAf07B6Z8d RdLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=gX4SsLjpLpt1c3ObKtWB7Lg0C+qbPBiZc1C46hYlvtU=; b=uk0pArFW6n9XKCKq9dxDNciZRUOkK5/EzpX9GRIVZqjPP0+R25BBmGwuHnsbfb1jKH 1hBspPBGDuQVpNUMV6Rh7+ZCKmG8x8+WipWqsgu55XZOBYIFjzqCRoU6htPXQ2bmIrCq +bTNykCWf/0RUfyAA/CBbUe71NscRj0tv5rFdGcfI2bcjiTJDQzuUMhkmUNuGZIzqIXm 6ThbYaP9EvQJz0mSaexQ9HrbNl8tWSEtIMdojpifkUGz7jcMO9OO5KZDKyquBGNO0Sbj xFQkYUBot5bylbuKNUNiEbhYnkc5YUrPbnjVE0cl76gAz0cqPlto4FR1VlRSh7xY2zjU i/pw==
X-Gm-Message-State: AA+aEWZJ0KYOobR/N+JSr6IhO3B+JaoNV9Rnfm3UoUpkY6ncftkMD9Y2 rS09MAzzzKB/xZNIoudPWnSSte+O8cqpgIvCR3k=
X-Google-Smtp-Source: AFSGD/VXkVxRSxmYrkZ/QaalPIULRQ97H+cNif43a8UAePQmqm+kyqUSPvWPAcszmM+FtYf+t3iPIS1wfPetaZ7sDtc=
X-Received: by 2002:a5d:65ce:: with SMTP id e14mr24827634wrw.150.1544110013466; Thu, 06 Dec 2018 07:26:53 -0800 (PST)
MIME-Version: 1.0
References: <FRAPR01MB0801A22EEC0D55414EFFEC2ED1D00@FRAPR01MB0801.DEUPRD01.PROD.OUTLOOK.DE> <FRAPR01MB0801CDFD28647B7A02D700D2D1D00@FRAPR01MB0801.DEUPRD01.PROD.OUTLOOK.DE> <FRAPR01MB0801A452C8111F16940D4D65D1D10@FRAPR01MB0801.DEUPRD01.PROD.OUTLOOK.DE> <FRAPR01MB080121A9C90A6F78BBD7E4B7D1AF0@FRAPR01MB0801.DEUPRD01.PROD.OUTLOOK.DE> <95C0EB99-9A1F-4650-B764-2CC923B879A2@gmail.com> <CAPDqMeoUPaCiAF_7FeiBko0g=ofH6UcCtMAFn+1yLrPWJQfGWw@mail.gmail.com> <12D7EB58-278A-4ED4-83CE-B72F9206F054@gmail.com> <CAPDqMeqBL2O-g3-u5y2OZvsLJFG-qe_a3dc5qXSR8GaMAFsKXg@mail.gmail.com> <5CDE5968-FF04-4F8D-96F6-5CE51445B3CC@gmail.com>
In-Reply-To: <5CDE5968-FF04-4F8D-96F6-5CE51445B3CC@gmail.com>
Reply-To: sarikaya@ieee.org
From: Behcet Sarikaya <sarikaya2012@gmail.com>
Date: Thu, 6 Dec 2018 09:26:42 -0600
Message-ID: <CAC8QAcd3VmxEJDpr1empheFSJmNPkvPzV9jmk0Qfs7-rzrNmUw@mail.gmail.com>
To: Dino Farinacci <farinacci@gmail.com>
Cc: Tom Herbert <tom@quantonium.net>, Dirk.von-Hugo@telekom.de, RJ Atkinson <rja.lists@gmail.com>, Saleem Bhatti <saleem@st-andrews.ac.uk>, Shunsuke Homma <homma.shunsuke@lab.ntt.co.jp>, Luigi Iannone <ggx@gigix.net>, erik@zededa.com, pidloc@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d8cbb4057c5c2013"
Archived-At: <https://mailarchive.ietf.org/arch/msg/pidloc/OA44UPYkf-5y5cAUi0-BH3gSVN0>
Subject: Re: [Pidloc] PIdLoc Webex
X-BeenThere: pidloc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <pidloc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pidloc>, <mailto:pidloc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pidloc/>
List-Post: <mailto:pidloc@ietf.org>
List-Help: <mailto:pidloc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pidloc>, <mailto:pidloc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Dec 2018 15:26:57 -0000

My points below.


On Wed, Dec 5, 2018 at 4:42 PM Dino Farinacci <farinacci@gmail.com> wrote:

> > Dino,
> >
> > Just run your mapping system in a closed and presumably secured
> > network. Every service provider can run their own mapping system and
> > there's no need or value to build global mapping databases.
>
> Yes, of course. That has always been an opiton and many enterprises are
> doing that today.
>
>

I am confused.
Are you (Tom, Dino) saying that service providers are already using IdLoc
protocols?

If not, what do they use their mapping system for?


>
> >> That’s the best any design can hope for. The IP header can only be sent
> in the clear.
> >>
> > In order to communicate with Internet hosts plain text addresses are
> > used in packets. The are identifiers in idloc terminology and they are
>
> In headers in particular. I hope you agree it can be avoided in payloads.
>
> > exposed to the whole Internet. It's the privacy properties of these
> > that are of interest. For instance, today many service providers
> > assign a /64 to their users. So, that means that if a third party on
> > the Internet observes two flow with source addresses sharing the same
> > sixty-four bit prefix they can deduce that the source is the same (the
> > same user in case of personal devices). What is really needed for
> > privacy is to use a different uncorrelatable address per flow. Under
>
> Agree.
>
> > certain conditions, CGNAT provides that today which is why law
> > enforcement agencies are terrified of it. In lieu of NAT, idloc could
> > key to provide this privacy without resorting to NAT. See
> > draft-herbert-ipv6-prefix-address-privacy-00.
> >
>

Wait a minute.
We expect to attack and solve this problem in Pidloc with all of you guys
active participation.

However, solution proposals are of course welcome.

Behcet

> > Tom
>
> Understand. But randomized addresses assign to tail site can still be
> achieved without the high-cost of managing a CGNAT. You only need to route
> back to that randomized/ephemeral address for a short period of time. In
> fact, the ISP can withdraw the route when it wants the tail site to use
> another address.
>
> Dino
>
>
>