Re: [Pidloc] draft-nordmark-id-loc-privacy
Tom Herbert <tom@quantonium.net> Fri, 05 October 2018 14:54 UTC
Return-Path: <tom@quantonium.net>
X-Original-To: pidloc@ietfa.amsl.com
Delivered-To: pidloc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97EC0130DDF for <pidloc@ietfa.amsl.com>; Fri, 5 Oct 2018 07:54:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=quantonium-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id daPVFA0S4NGt for <pidloc@ietfa.amsl.com>; Fri, 5 Oct 2018 07:54:14 -0700 (PDT)
Received: from mail-io1-xd31.google.com (mail-io1-xd31.google.com [IPv6:2607:f8b0:4864:20::d31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED555130DC6 for <pidloc@ietf.org>; Fri, 5 Oct 2018 07:54:13 -0700 (PDT)
Received: by mail-io1-xd31.google.com with SMTP id y10-v6so10859594ioa.10 for <pidloc@ietf.org>; Fri, 05 Oct 2018 07:54:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quantonium-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=CjxDucb+FHbbTv+R5Jl84Tel8ozpxU0bCuYUTrmcdPM=; b=toRVkNhlwuNat2ikWfWngL+JGsIEYiP30YkYiKAlf812hi54oQA/3IrV2uHb5rzd2b TmyqMuySfR7qAhgbz0Y8JEENbPCFZNpcpbLrDg1KKgCAEujX7tVHRirIvqmrZ87vlvV8 yQfbtHQkB8+bjse85a0xx1MebwwBrv63V63Bi4q3IiFumWaUVHOmR/MDi/w32e5XA9Om UCXCoRQort//7WCf3ROuVi488vQJ5AIv2I/E2zmxbYmmC4yTEcNTLj9TsVi8rIPPmgpF S8pv8WH6LKQo7c59gn7BhVHqDckRsRz1Equ3XHNiSFQ8zjvuje5IWmi3mfCGXXpjUORC FT9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=CjxDucb+FHbbTv+R5Jl84Tel8ozpxU0bCuYUTrmcdPM=; b=mi5PNaK4oazXJ+4/m3OJ7QWWTO4Nshbg5ET6R9y4tIE9s0JPftstOwZkWyv+A7MM6H F0RbdDWhTUELuZ47kCx+SoCaCpn43JCrKnG5UY9VPkIpwk1G6q5OnvBL4Op/qJ5MNZWY PCqx+udMuTVv9NPZ0d3B81cOFp6SBtnPmBXaTAD2oOPYoYi2DG3mExzDkeBQr1aqQyfu cof/DqdnZax9W2ZmJWnMlqAs9t8OJkCNmRAH+QTcYZh4DIfgJ6DiV6lAg9fud04bpDsi kYcfyOVkOcIuYyyym7WxFsgRFv1bF/U44KUYjx+cS4YhB/LZt8J8XgXxDrFTwitA0VL9 L0Ew==
X-Gm-Message-State: ABuFfoh9LuzK4bKZ/K57MC7fdb51QCLmeiHgRXbSbc0nN5/9BDIf01gc a7kAMZXNLbZEz7pe2BtahGbHQ6KDKr8+7kq6sEzWYg==
X-Google-Smtp-Source: ACcGV60xTC0HXTOYV5u+CoqLnQWb1Pb7SbuWTGyXHJqOHGQBMlCBTXa+5laTx43CohIGUJQAiGzNhg2pV003X1EX0+U=
X-Received: by 2002:a6b:18c5:: with SMTP id 188-v6mr8045988ioy.211.1538751253003; Fri, 05 Oct 2018 07:54:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a02:7a59:0:0:0:0:0 with HTTP; Fri, 5 Oct 2018 07:54:12 -0700 (PDT)
In-Reply-To: <CAC8QAcct_h7Ti+U0U0McF2GSii+ynJZQg4ZO_2058XhPm6dy4w@mail.gmail.com>
References: <CAC8QAcf-w6QhFXAf9c2y69-aWjwoLWJvuPP0Wgp4iT=Qz9+6tQ@mail.gmail.com> <CAPDqMeos1-=xTAdnOw893C3RkiM9wrt7_njg+jDEasHa-kz1zg@mail.gmail.com> <CAC8QAcct_h7Ti+U0U0McF2GSii+ynJZQg4ZO_2058XhPm6dy4w@mail.gmail.com>
From: Tom Herbert <tom@quantonium.net>
Date: Fri, 05 Oct 2018 07:54:12 -0700
Message-ID: <CAPDqMepFhwFwU_G6Wnj+wdtKXT7BX1mPMwQpVkJEEY688FoXVQ@mail.gmail.com>
To: Behcet Sarikaya <sarikaya@ieee.org>
Cc: pidloc@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/pidloc/sPb-6kuM8B2PMsLMMEaLhq3u3Yg>
Subject: Re: [Pidloc] draft-nordmark-id-loc-privacy
X-BeenThere: pidloc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <pidloc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pidloc>, <mailto:pidloc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pidloc/>
List-Post: <mailto:pidloc@ietf.org>
List-Help: <mailto:pidloc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pidloc>, <mailto:pidloc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Oct 2018 14:54:17 -0000
On Fri, Oct 5, 2018 at 7:24 AM, Behcet Sarikaya <sarikaya2012@gmail.com> wrote: > > > On Thu, Oct 4, 2018 at 1:15 PM Tom Herbert <tom@quantonium.net> wrote: >> >> On Thu, Oct 4, 2018 at 8:02 AM, Behcet Sarikaya <sarikaya2012@gmail.com> >> wrote: >> > Hi Luigi, Dirk, all, >> > >> > So far we have a number of reviews on Erik's draft indicating some >> > editorial >> > issues and asking for clarification of some parts. All that is good. >> > >> > What I suggest is that we should also look into what he is saying in >> > that >> > draft, what is he suggesting as the future work to do? >> > >> > Here I am going to summary what I could find out: >> > >> > - We should concentrate on long-lived identifiers; >> > >> > - Worry not much on designing a privacy based unified mapping mapping >> > system >> > which we had concentrated in our previous activity. This is because only >> > trusted devices can access the mappings in an operator network >> > >> > - Instead worry about minimizing the privacy implication one can explore >> > limiting to which peers and when the ID/ locator binding are exposed. >> > >> > The cases where ID/locator bindings are exposed (especially any mobile >> > devices) >> > - Family and friends for example where are parents sharing young >> > children >> > location >> >> I don't believe this case is relevant. There's already applications >> that I can use to track my kids (like Life360). These use the GPS in >> mobile devices and secure connections to trasmit location information; >> it's far more accurate and secure than trying to deriving location >> information from a few bits in an IP address. > > > Yes, this has already been alluded to in the draft: > > Today such location sharing happens at an application layer using GPS > coordinates. > > >> I think it's a hard >> requirement that Identifiers (IP addresses in general) must not expose >> geo location or mobile devices, and it follows that identifier/locator >> bindings should never be shared outside a network except LEA orders. >> > > Here is the rest of the above paragraph I quoted from Erik's draft: > > But while such sharing is in effect, it wouldn't be > unreasonable to also consider sharing IP locators to make it more > efficient or more robust to e.g., route a video feed from one device > to another. > > > What do you think? Sure, it could be considered, but the benefits of exposing a third party to identifier/locator mappings would have to be weighed against the cost. The potential cost is weakened user privacy and security. Locators will convey geo location in a mobile network, so if someone knows identifier to locator mapping, then they know location of node with that identifier. But more than that, knowledge of identifier/locator mappings allow correlations to be made between identifiers. For instance, if a device is using some number of untrackable and uncorrelatable identifiers for privacy, knowledge of identifier to locator mappings allows correlations to be made and the identifiers that belong to the device can be deduced and the users can be tracked. Tom > > > Behcet >> >> Tom >> >> > - In industrial IoT case, the devices belonging to the same company >> > share >> > ID/locator bindings but not share the ID/locator binding with third >> > parties >> > >> > In Section 6, the draft points to some possibilities on how this >> > limiting >> > can be achieved: >> > >> > 1. pointing a locator for some fixed anchor point, like PGW or UPF >> > >> > 2. injecting routing prefixes for the ID prefixes into the normal >> > routing >> > system >> > >> > 3. not providing any stable locators across this boundary; only allow >> > ephemeral IP addresses per session or otherwise limited exposure. >> > >> > In short, the draft is coming up with a lot work to do. >> > We suggest that the group takes a close look into all these points and >> > see >> > what we can do :-) >> > Regards, >> > Behcet & Dirk >> > >> > -- >> > Pidloc mailing list >> > Pidloc@ietf.org >> > https://www.ietf.org/mailman/listinfo/pidloc >> >
- [Pidloc] draft-nordmark-id-loc-privacy Behcet Sarikaya
- Re: [Pidloc] draft-nordmark-id-loc-privacy Tom Herbert
- Re: [Pidloc] draft-nordmark-id-loc-privacy Behcet Sarikaya
- Re: [Pidloc] draft-nordmark-id-loc-privacy Tom Herbert
- Re: [Pidloc] draft-nordmark-id-loc-privacy Behcet Sarikaya
- Re: [Pidloc] draft-nordmark-id-loc-privacy Dirk.von-Hugo
- Re: [Pidloc] draft-nordmark-id-loc-privacy Behcet Sarikaya
- Re: [Pidloc] draft-nordmark-id-loc-privacy Luigi Iannone
- Re: [Pidloc] draft-nordmark-id-loc-privacy Luigi Iannone
- Re: [Pidloc] draft-nordmark-id-loc-privacy Behcet Sarikaya