Re: [Pidloc] draft-nordmark-id-loc-privacy
Behcet Sarikaya <sarikaya2012@gmail.com> Mon, 08 October 2018 16:20 UTC
Return-Path: <sarikaya2012@gmail.com>
X-Original-To: pidloc@ietfa.amsl.com
Delivered-To: pidloc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id B5D5A130DC0
for <pidloc@ietfa.amsl.com>; Mon, 8 Oct 2018 09:20:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25,
FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001,
SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id BF55CVB9_w9y for <pidloc@ietfa.amsl.com>;
Mon, 8 Oct 2018 09:20:43 -0700 (PDT)
Received: from mail-wm1-x334.google.com (mail-wm1-x334.google.com
[IPv6:2a00:1450:4864:20::334])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 9117C127133
for <pidloc@ietf.org>; Mon, 8 Oct 2018 09:20:41 -0700 (PDT)
Received: by mail-wm1-x334.google.com with SMTP id e187-v6so8920969wmf.0
for <pidloc@ietf.org>; Mon, 08 Oct 2018 09:20:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:references:in-reply-to:reply-to:from:date:message-id
:subject:to:cc;
bh=R5R7oRTnT1KiJ2Ncp4euYdnPdq6PVawBoHaquw8bt/s=;
b=bR+rouOeGhhVNX9gsZ68qBPIg9rHf6Kbd/P0jXRDDWKxjEDXsx2I6f6ArLZ932Y0eT
+opY61g/YZ61XOP07SgwUHHuWDhXtpqk0VJL+qk5piMRDs3LK48kxwTotye4x1EmvQ1m
kZxHKRsyhHbIImTr37k8FOMHN5ZI1a09afuqzvCLYOdmvD35aEFvRJHWFgTMnLC8y39D
CJQDPvghxRfw9IJrBezUiZrhEHuacA0iGv1wh+1acAfB/nsbUKlEEclenbVQwVscGjC3
NI7FTWtkwYCbz4XSlFWkx5L9IyrsJviw3pqlhJNdw19dcJpaaq/5Yznu4jl7eXsvGSqF
tajA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:reply-to
:from:date:message-id:subject:to:cc;
bh=R5R7oRTnT1KiJ2Ncp4euYdnPdq6PVawBoHaquw8bt/s=;
b=rZn1ztrmyDFxLqSXpxY/z0cNVQ4F2CdxyVtyJburhWiuXkgVKQhhfn4BzWtg769leO
P0n1BbZUU6D/IK4hYCySV9xbNN2CZOXJpYaMxpUsYMPSJrAkLW3w0j5l3DEKh7axXzcR
CxywSV03xi3b9msFbOUFP8FOyt3nVme6jK46MRAvlRhlGhLXQLMPbyEqPKTUX8yCo2NO
PewyusjPwEVwE8ha3+2Mc9i3J2XnANRIu42dAK7/0BAzWUUmnNhJ8ZVP+xY1/gGpw8Uv
2KSZpPXyyMadpGUbDQ8iWyznRj+CfDe4VFBXeF47jVp5G/jkiaxyzAkalPlVtjasTVWG
cH4Q==
X-Gm-Message-State: ABuFfoi299l1IfGiRb9V/AL5XubWpK9eL0twiGJzRnjgDkLpK1/xFd7I
dhPIM99cYIJc2xL9eIbN6rseCK8omPoqsqJ6k461PQ==
X-Google-Smtp-Source: ACcGV62pwIgODPY0SGzXTNSlsOQQ0Dz95FFZ+YhofvQBXQwBKNRDWleCl8ZwNj4hAqtS7f+DQnsELG4OIxKzOIgnyjE=
X-Received: by 2002:a1c:1783:: with SMTP id
125-v6mr16324610wmx.75.1539015639877;
Mon, 08 Oct 2018 09:20:39 -0700 (PDT)
MIME-Version: 1.0
References: <CAC8QAcf-w6QhFXAf9c2y69-aWjwoLWJvuPP0Wgp4iT=Qz9+6tQ@mail.gmail.com>
<CAPDqMeos1-=xTAdnOw893C3RkiM9wrt7_njg+jDEasHa-kz1zg@mail.gmail.com>
<CAC8QAcct_h7Ti+U0U0McF2GSii+ynJZQg4ZO_2058XhPm6dy4w@mail.gmail.com>
<CAPDqMepFhwFwU_G6Wnj+wdtKXT7BX1mPMwQpVkJEEY688FoXVQ@mail.gmail.com>
<CAC8QAcdLqj1zMuitq-88dmHEZ5YXyYwR7ytwJftdcPwBn1wnDg@mail.gmail.com>
<FRAPR01MB0801B1C10EFB13D804095D3ED1E60@FRAPR01MB0801.DEUPRD01.PROD.OUTLOOK.DE>
In-Reply-To: <FRAPR01MB0801B1C10EFB13D804095D3ED1E60@FRAPR01MB0801.DEUPRD01.PROD.OUTLOOK.DE>
Reply-To: sarikaya@ieee.org
From: Behcet Sarikaya <sarikaya2012@gmail.com>
Date: Mon, 8 Oct 2018 11:20:28 -0500
Message-ID: <CAC8QAcfW=ov9hc-mhM2hOR9iy1jTqh3h5WXAydDeeaoKrP862A@mail.gmail.com>
To: Tom Herbert <tom@quantonium.net>
Cc: pidloc@ietf.org
Content-Type: multipart/alternative; boundary="00000000000084ce510577ba00e2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/pidloc/gFAT0PkpR1FuWTY_enwqYXjkrNI>
Subject: Re: [Pidloc] draft-nordmark-id-loc-privacy
X-BeenThere: pidloc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <pidloc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pidloc>,
<mailto:pidloc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pidloc/>
List-Post: <mailto:pidloc@ietf.org>
List-Help: <mailto:pidloc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pidloc>,
<mailto:pidloc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Oct 2018 16:20:45 -0000
Hi Tom, On Mon, Oct 8, 2018 at 10:01 AM <Dirk.von-Hugo@telekom.de> wrote: > See below … > > Thanks and BR, Dirk > > On Fri, Oct 5, 2018 at 9:54 AM Tom Herbert <tom@quantonium.net> wrote: > > On Fri, Oct 5, 2018 at 7:24 AM, Behcet Sarikaya <sarikaya2012@gmail.com> > wrote: > > > > > > On Thu, Oct 4, 2018 at 1:15 PM Tom Herbert <tom@quantonium.net> wrote: > >> > >> On Thu, Oct 4, 2018 at 8:02 AM, Behcet Sarikaya <sarikaya2012@gmail.com > > > >> wrote: > >> > Hi Luigi, Dirk, all, > >> > > >> > So far we have a number of reviews on Erik's draft indicating some > >> > editorial > >> > issues and asking for clarification of some parts. All that is good. > >> > > >> > What I suggest is that we should also look into what he is saying in > >> > that > >> > draft, what is he suggesting as the future work to do? > >> > > >> > Here I am going to summary what I could find out: > >> > > >> > - We should concentrate on long-lived identifiers; > >> > > >> > - Worry not much on designing a privacy based unified mapping mapping > >> > system > >> > which we had concentrated in our previous activity. This is because > only > >> > trusted devices can access the mappings in an operator network > >> > > >> > - Instead worry about minimizing the privacy implication one can > explore > >> > limiting to which peers and when the ID/ locator binding are exposed. > >> > > >> > The cases where ID/locator bindings are exposed (especially any mobile > >> > devices) > >> > - Family and friends for example where are parents sharing young > >> > children > >> > location > >> > >> I don't believe this case is relevant. There's already applications > >> that I can use to track my kids (like Life360). These use the GPS in > >> mobile devices and secure connections to trasmit location information; > >> it's far more accurate and secure than trying to deriving location > >> information from a few bits in an IP address. > > > > > > Yes, this has already been alluded to in the draft: > > > > Today such location sharing happens at an application layer using GPS > > coordinates. > > > > > >> I think it's a hard > >> requirement that Identifiers (IP addresses in general) must not expose > >> geo location or mobile devices, and it follows that identifier/locator > >> bindings should never be shared outside a network except LEA orders. > >> > > > > Here is the rest of the above paragraph I quoted from Erik's draft: > > > > But while such sharing is in effect, it wouldn't be > > unreasonable to also consider sharing IP locators to make it more > > efficient or more robust to e.g., route a video feed from one device > > to another. > > > > > > What do you think? > > Sure, it could be considered, but the benefits of exposing a third > party to identifier/locator mappings would have to be weighed against > the cost. The potential cost is weakened user privacy and security. > Locators will convey geo location in a mobile network, so if someone > knows identifier to locator mapping, then they know location of node > with that identifier. > > > But more than that, knowledge of > identifier/locator mappings allow correlations to be made between > identifiers. For instance, if a device is using some number of > untrackable and uncorrelatable identifiers for privacy, knowledge of > identifier to locator mappings allows correlations to be made and the > identifiers that belong to the device can be deduced and the users can > be tracked. > > > So you are saying that there is a cost for allowing Id/Loc mappings. Do you think that letting family and friends or Industrial IoT devices that belong to my company know my locator also poses similar cost or issue? What should we do? How could this effect, e.g. ILA? Behcet > Absolutely. > > > > One reason why I posted this mail was to encourage the discussion of > solution approaches in different > > IdLoc protocols. > > How could we treat each of cases of Family and Friends, Industrial IoT, > etc. in ILA, ILNP, and LISP? > > What about the three points in Section 6? > > > > Behcet > > > > DH> I think we have to differentiate here between IP Locator mentioned > above and geolocation. While the first used for end point routing may be > statically correlated to a trackable geographic position and thus allow for > privacy related tracking there should be measures to obfuscate this mapping > to the outside world as the one between name or Identity to current > location. > > As such measures could serve the choices how to handle ID/locator mapping > mentioned by Erik in sect. 6: > > - still using an ID/locator system but pointing a locator for some fixed > anchor point, > > - injecting routing prefixes for the ID prefixes into the normal routing > system > > - not providing any stable locators across the boundary between Id/Loc > domain and rest of world … > > > > I have no preference for the time being > >
- [Pidloc] draft-nordmark-id-loc-privacy Behcet Sarikaya
- Re: [Pidloc] draft-nordmark-id-loc-privacy Tom Herbert
- Re: [Pidloc] draft-nordmark-id-loc-privacy Behcet Sarikaya
- Re: [Pidloc] draft-nordmark-id-loc-privacy Tom Herbert
- Re: [Pidloc] draft-nordmark-id-loc-privacy Behcet Sarikaya
- Re: [Pidloc] draft-nordmark-id-loc-privacy Dirk.von-Hugo
- Re: [Pidloc] draft-nordmark-id-loc-privacy Behcet Sarikaya
- Re: [Pidloc] draft-nordmark-id-loc-privacy Luigi Iannone
- Re: [Pidloc] draft-nordmark-id-loc-privacy Luigi Iannone
- Re: [Pidloc] draft-nordmark-id-loc-privacy Behcet Sarikaya