Re: [privacydir] request for a SAVI doc review

[Ted Hardie <ted.ietf@gmail.com>]

Hi Stephen,

This sounds fine to me,

regards,

Ted

On Tue, Nov 1, 2011 at 4:30 AM, Stephen Farrell
<stephen.farrell@cs.tcd.ie>wrote:

>
> Hi Ted,
>
> I've also had a read of this now and agree with you. I'm putting
> in a discuss that says:
>
> "This makes no mention at all of privacy which I think needs to
> be there somewhere. Given that Joel is planning to add text on
> that to savi-threats I'd be fine if that is just referenced from
> here, or even if that text is moved from savi-threats to this
> document, and savi-threats could refer to it here. But the
> privacy implications of SAVI do need to be covered here too."
>
> I think that ought be ok since I expect Joel to do a good
> job on this in the savi-threats document. I also put in a link
> to your mail as a comment.
>
> Let me know if you think that more or something else is
> likely to be needed.
>
> Thanks again for the review,
>
> S.
>
>
> On 10/31/2011 08:07 PM, Ted Hardie wrote:
>
>> Hi Stephen,
>>
>> I've read through the framework document.  My baseline impression is that
>> the document makes a presumption about the relationship between the host
>> and the network employing SAVI that is true when it is the access network
>> (that is, the network assigning the IP address to be verified).  In that
>> deployment scenario, it is expected for the network to be able to
>> associate
>> layer two identifiers with the layer 3 identifier (after all, it must to
>> be
>> able to deliver return traffic).
>>
>> What's not clear to the naive reader (read: me) is how you prevent SAVI
>> from operating from other parts of the network; that is, how does the
>> overall framework guard against SAVI being used by some later network
>> on-path getting access to these bindings? I assume that this is detailed
>> elsewhere in the protocol documents, but I believe a short discussion of
>> the privacy threat in framework, along with a pointer to the protocol
>> mechanism would be valuable.
>>
>> If the expectation is that SAVI can operate from multiple places in the
>> network (including, say, the destination network), then I believe there is
>> a more serious privacy concern.
>>
>> regards,
>>
>> Ted Hardie
>>
>> On Thu, Oct 27, 2011 at 9:07 AM, Stephen Farrell
>> <stephen.farrell@cs.tcd.ie>**wrote:
>>
>>
>>> Hi,
>>>
>>> There's a SAVI document [1] on the Nov 3 telechat. I'd appreciate
>>> a review of that from a privacy perspective if someone has the
>>> time in the next week. (Just reply to this if you've time.)
>>>
>>> Previous SAVI documents have generated privacy related
>>> DISCUSSes [2,3] which may be useful background.
>>>
>>> Thanks in advance,
>>> S.
>>>
>>> [1] https://datatracker.ietf.org/****doc/draft-ietf-savi-**framework/<https://datatracker.ietf.org/**doc/draft-ietf-savi-framework/>
>>> <https://**datatracker.ietf.org/doc/**draft-ietf-savi-framework/<https://datatracker.ietf.org/doc/draft-ietf-savi-framework/>
>>> >
>>> [2] https://datatracker.ietf.org/****doc/draft-ietf-savi-fcfs/<https://datatracker.ietf.org/**doc/draft-ietf-savi-fcfs/>
>>> <htt**ps://datatracker.ietf.org/doc/**draft-ietf-savi-fcfs/<https://datatracker.ietf.org/doc/draft-ietf-savi-fcfs/>
>>> >
>>> [3] https://datatracker.ietf.org/****doc/draft-ietf-savi-threat-****
>>> scope/<https://datatracker.ietf.org/**doc/draft-ietf-savi-threat-**scope/>
>>> <https://datatracker.**ietf.org/doc/draft-ietf-savi-**threat-scope/<https://datatracker.ietf.org/doc/draft-ietf-savi-threat-scope/>
>>> >
>>>
>>> ______________________________****_________________
>>> privacydir mailing list
>>> privacydir@ietf.org
>>> https://www.ietf.org/mailman/****listinfo/privacydir<https://www.ietf.org/mailman/**listinfo/privacydir>
>>> <https://**www.ietf.org/mailman/listinfo/**privacydir<https://www.ietf.org/mailman/listinfo/privacydir>
>>> >
>>>
>>>
>>