Re: [Pidloc] PIdLoc Webex

Tom Herbert <tom@quantonium.net> Thu, 06 December 2018 15:43 UTC

Return-Path: <tom@quantonium.net>
X-Original-To: pidloc@ietfa.amsl.com
Delivered-To: pidloc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F264D130DDF for <pidloc@ietfa.amsl.com>; Thu, 6 Dec 2018 07:43:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.358
X-Spam-Level:
X-Spam-Status: No, score=-3.358 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-1.459, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=quantonium-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cAFxAkiTZYn8 for <pidloc@ietfa.amsl.com>; Thu, 6 Dec 2018 07:43:12 -0800 (PST)
Received: from mail-it1-x12f.google.com (mail-it1-x12f.google.com [IPv6:2607:f8b0:4864:20::12f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D539112F18C for <pidloc@ietf.org>; Thu, 6 Dec 2018 07:43:11 -0800 (PST)
Received: by mail-it1-x12f.google.com with SMTP id h65so2096200ith.3 for <pidloc@ietf.org>; Thu, 06 Dec 2018 07:43:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quantonium-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wlzsJbF8/hXO5NGk5LNZ9rSY+PYC1NgQsbdhKpQkCmU=; b=eXuKkshlbMeHNyqqYOq0oD101WSGwfuludwgBi8b5J9wEWlcQ484KbSBHDvKeRzuNq aQw7cl6Q49Q/cOXx62K0PUJCAG8ZLNOO/UViZ08zFhiGe8a4ORY5flmp9PLZStIHRll1 2pRR4GRYFluickI84sCxWZXFah5bvzZ3acsojAP5UjqiUPdLOgxRxCARanKuWWroQOGy jLxeq8PmZsXd8F1s2iScm2/KTHCFYOgBnRV6J/tzNjEA4GirCoAh1wVhzkXAErs9XkNE SYdkvhn5BswLbG66rLghC8V1dInhQ9EffXsvVGDRvTHzZbU8T5EPQTCZFqiW9htMBKde CZhQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wlzsJbF8/hXO5NGk5LNZ9rSY+PYC1NgQsbdhKpQkCmU=; b=fTSsHuOycEn1W3mM8fE7TeUqzzFvJdwZ8igvsk64V4Z3QS2kn3WBvbKyv75Hv+H4D4 RJtoWEf90sT77Z4TmfDe4CHCKZbwKCwxFc6ENCPO3uZEr7Qqo1yX9qsYx10r091JeJ1j CLH+wx6pt5jExhW+DAOlpKrNc+kmfXkuHSzbXVfsFQt/Jn67PbdjwiKVfwCPdMymqRvK hLXGJahGjr1ihuqTZm3CrOS3afKZGpxfWRGfIjUf2olptV77idIjDcUta44MpSgX3RrH DsMkyyaHD8V5Z35mLZXOKABN3y6HirfzQtKwMHj6jGmNKjWucfk9XHGyv8rj+b27Kam8 gX4w==
X-Gm-Message-State: AA+aEWY01hv2odu8WXesuXyuZPkiRG5k9epwxe/v/YgJIjJv5brdg8n/ icuwGcoQpkqi7DcxIqsiQpLgTEIxM0MI6/rvArlK+g==
X-Google-Smtp-Source: AFSGD/XgrrNtpkhPydJ1ylZrpPp/sjfl7c+chVb5UQAbzLYDKwfsulW5fTWk9F4AQdYBXcZUNnbsIhuxQnFBoQppBp8=
X-Received: by 2002:a02:7e95:: with SMTP id g21mr25001544jae.114.1544110990884; Thu, 06 Dec 2018 07:43:10 -0800 (PST)
MIME-Version: 1.0
References: <FRAPR01MB0801A22EEC0D55414EFFEC2ED1D00@FRAPR01MB0801.DEUPRD01.PROD.OUTLOOK.DE> <FRAPR01MB0801CDFD28647B7A02D700D2D1D00@FRAPR01MB0801.DEUPRD01.PROD.OUTLOOK.DE> <FRAPR01MB0801A452C8111F16940D4D65D1D10@FRAPR01MB0801.DEUPRD01.PROD.OUTLOOK.DE> <FRAPR01MB080121A9C90A6F78BBD7E4B7D1AF0@FRAPR01MB0801.DEUPRD01.PROD.OUTLOOK.DE> <95C0EB99-9A1F-4650-B764-2CC923B879A2@gmail.com> <CAPDqMeoUPaCiAF_7FeiBko0g=ofH6UcCtMAFn+1yLrPWJQfGWw@mail.gmail.com> <12D7EB58-278A-4ED4-83CE-B72F9206F054@gmail.com> <CAPDqMeqBL2O-g3-u5y2OZvsLJFG-qe_a3dc5qXSR8GaMAFsKXg@mail.gmail.com> <5CDE5968-FF04-4F8D-96F6-5CE51445B3CC@gmail.com> <CAC8QAcd3VmxEJDpr1empheFSJmNPkvPzV9jmk0Qfs7-rzrNmUw@mail.gmail.com>
In-Reply-To: <CAC8QAcd3VmxEJDpr1empheFSJmNPkvPzV9jmk0Qfs7-rzrNmUw@mail.gmail.com>
From: Tom Herbert <tom@quantonium.net>
Date: Thu, 6 Dec 2018 07:42:59 -0800
Message-ID: <CAPDqMep-toyh1CJRfXRaLR-MSfshKZ9WJNBVuq3qD5iVX5KVDw@mail.gmail.com>
To: Behcet Sarikaya <sarikaya@ieee.org>
Cc: Dino Farinacci <farinacci@gmail.com>, dirk.von-hugo@telekom.de, RJ Atkinson <rja.lists@gmail.com>, Saleem Bhatti <saleem@st-andrews.ac.uk>, Shunsuke Homma <homma.shunsuke@lab.ntt.co.jp>, Luigi Iannone <ggx@gigix.net>, erik@zededa.com, pidloc@ietf.org
Content-Type: multipart/alternative; boundary="0000000000001b5b24057c5c5b3d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/pidloc/ghmRrhCQhUBdKcR2IPE2i-W0-E8>
Subject: Re: [Pidloc] PIdLoc Webex
X-BeenThere: pidloc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <pidloc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pidloc>, <mailto:pidloc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pidloc/>
List-Post: <mailto:pidloc@ietf.org>
List-Help: <mailto:pidloc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pidloc>, <mailto:pidloc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Dec 2018 15:43:14 -0000

On Thu, Dec 6, 2018, 7:26 AM Behcet Sarikaya <sarikaya2012@gmail.com wrote:

>
> My points below.
>
>
> On Wed, Dec 5, 2018 at 4:42 PM Dino Farinacci <farinacci@gmail.com> wrote:
>
>> > Dino,
>> >
>> > Just run your mapping system in a closed and presumably secured
>> > network. Every service provider can run their own mapping system and
>> > there's no need or value to build global mapping databases.
>>
>> Yes, of course. That has always been an opiton and many enterprises are
>> doing that today.
>>
>>
>
> I am confused.
> Are you (Tom, Dino) saying that service providers are already using IdLoc
> protocols?
>

Network virtualization is IdLoc where virtual address is an identifier and
physical address is locator. Cloud providers have deployed this in various
forms for a long time now.

>
> If not, what do they use their mapping system for?
>
>
> >
>> >> That’s the best any design can hope for. The IP header can only be
>> sent in the clear.
>> >>
>> > In order to communicate with Internet hosts plain text addresses are
>> > used in packets. The are identifiers in idloc terminology and they are
>>
>> In headers in particular. I hope you agree it can be avoided in payloads.
>>
>> > exposed to the whole Internet. It's the privacy properties of these
>> > that are of interest. For instance, today many service providers
>> > assign a /64 to their users. So, that means that if a third party on
>> > the Internet observes two flow with source addresses sharing the same
>> > sixty-four bit prefix they can deduce that the source is the same (the
>> > same user in case of personal devices). What is really needed for
>> > privacy is to use a different uncorrelatable address per flow. Under
>>
>> Agree.
>>
>> > certain conditions, CGNAT provides that today which is why law
>> > enforcement agencies are terrified of it. In lieu of NAT, idloc could
>> > key to provide this privacy without resorting to NAT. See
>> > draft-herbert-ipv6-prefix-address-privacy-00.
>> >
>>
>
> Wait a minute.
> We expect to attack and solve this problem in Pidloc with all of you guys
> active participation.
>
> However, solution proposals are of course welcome.
>
> Behcet
>
>> > Tom
>>
>> Understand. But randomized addresses assign to tail site can still be
>> achieved without the high-cost of managing a CGNAT. You only need to route
>> back to that randomized/ephemeral address for a short period of time. In
>> fact, the ISP can withdraw the route when it wants the tail site to use
>> another address.
>>
>> Dino
>>
>>
>>