[Pidloc] Criteria or metric for privacy in IP addressing
Tom Herbert <tom@quantonium.net> Wed, 08 August 2018 15:19 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/pidloc/rcZCoBumwG8RWG9xn7mO3of8fUI>
Hello,

In discussions about privacy in the IETF there do not seem to be any metrics or criteria about what "good privacy" is for a user. Descriptions of privacy always seem to be qualitative as opposed to quantitative. A good example is around recommendations to periodically change addresses. Intuitively, randomly changing addresses on a host helps privacy, and the more frequently addresses are changed the better for privacy. But that's entirely unqualified intuition. If the period of address changes goes from 12 hrs. to 6 hrs., we can't say that the probability of a user's privacy being compromised has been cut in half. In fact, we can't really say much at all -- it's at best a _maybe_ that a user's privacy has improved.

To this end, a proposed set of criteria for strong privacy in addressing is provided in https://tools.ietf.org/html/draft-herbert-ipv6-prefix-address-privacy-00. The proposed criteria are:

   o  Addresses are composed of a global routing prefix and a suffix that is internal to an organization or provider. This is the same property for IP addresses [RFC4291].

   o  The registry and organization of an address can be determined by the network prefix. This is true for any global address. The organizational bits in the address should have minimal hierarchy to prevent inference. It might be reasonable to have an internal prefix that divides identifiers based on broad geographic regions, but detailed information such as location, department in an enterprise, or device type should not be encoded in a globally visible address.

   o  Given two addresses and no other information, the desired properties of correlating them are:

      o  It can be inferred if they belong to the same organization and registry. This is true for any two global IP addresses.

      o  It may be inferred that they belong to the same broad grouping, such as a geographic region, if the information is encoded in the organizational bits of the address.

      o  No other correlation can be established. It cannot be inferred that the IP addresses address the same node, the addressed nodes reside in the same subnet, rack, or department, or that the nodes for the two addresses have any geographic proximity to one another.
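
Added example, not part of the original message or the draft: a rough audit of an address plan against the "minimal hierarchy" criterion, flagging suffix bit positions whose entropy across a sample of assigned addresses is low. The per-bit entropy heuristic, the 0.5 threshold, the function names, and the sample addresses under the 2001:db8:1::/48 documentation prefix are all assumptions made for illustration; this is not a metric the draft defines.

```python
import ipaddress
import math
import random

def bit_entropy(addresses, bit):
    """Shannon entropy (0..1) of one bit position (0 = most significant)."""
    ones = sum((int(a) >> (127 - bit)) & 1 for a in addresses)
    p = ones / len(addresses)
    if p in (0.0, 1.0):
        return 0.0
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))

def structured_bits(addresses, routing_prefix_len, region_bits=0, threshold=0.5):
    """Return suffix bit positions whose entropy over the sample is below threshold.

    Bits of the routing prefix and of a declared region field are exempt,
    because the criteria allow organization and broad region to be inferred.
    """
    addrs = [ipaddress.IPv6Address(a) for a in addresses]
    start = routing_prefix_len + region_bits
    return [b for b in range(start, 128) if bit_entropy(addrs, b) < threshold]

def make_sample(rng, n, hierarchical):
    """Constructed sample addresses under 2001:db8:1::/48 (documentation prefix)."""
    base = int(ipaddress.IPv6Address("2001:db8:1::"))
    out = []
    for _ in range(n):
        if hierarchical:
            subnet = rng.choice([1, 2, 3, 4])   # 16-bit subnet ID, only four values used
            suffix = (subnet << 64) | rng.getrandbits(64)
        else:
            suffix = rng.getrandbits(80)        # whole 80-bit suffix randomized
        out.append(str(ipaddress.IPv6Address(base | suffix)))
    return out

rng = random.Random(2018)                       # fixed seed: reproducible constructed data
HIERARCHICAL = make_sample(rng, 512, True)
RANDOMIZED = make_sample(rng, 512, False)

if __name__ == "__main__":
    print("hierarchical plan, low-entropy bits:", structured_bits(HIERARCHICAL, 48))
    print("randomized plan, low-entropy bits:", structured_bits(RANDOMIZED, 48))
```

A flagged bit only shows that the sample is not uniformly distributed at that position; it does not quantify how much an observer can infer, which is the gap the message describes.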