Re: [privacydir] request for a SAVI doc review
Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 01 November 2011 00:15 UTC
Date: Tue, 01 Nov 2011 00:15:50 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Ted Hardie <ted.ietf@gmail.com>
Cc: privacydir@ietf.org
Subject: Re: [privacydir] request for a SAVI doc review

Ted,

Thanks for that, the insight is helpful.

Cheers,
S.

On 10/31/2011 08:07 PM, Ted Hardie wrote:
> Hi Stephen,
>
> I've read through the framework document. My baseline impression is that
> the document makes a presumption about the relationship between the host
> and the network employing SAVI that is true when it is the access network
> (that is, the network assigning the IP address to be verified). In that
> deployment scenario, it is expected for the network to be able to associate
> layer two identifiers with the layer 3 identifier (after all, it must to be
> able to deliver return traffic).
>
> What's not clear to the naive reader (read: me) is how you prevent SAVI
> from operating from other parts of the network; that is, how does the
> overall framework guard against SAVI being used by some later network
> on-path getting access to these bindings? I assume that this is detailed
> elsewhere in the protocol documents, but I believe a short discussion of
> the privacy threat in framework, along with a pointer to the protocol
> mechanism would be valuable.
>
> If the expectation is that SAVI can operate from multiple places in the
> network (including, say, the destination network), then I believe there is
> a more serious privacy concern.
>
> regards,
>
> Ted Hardie
>
> On Thu, Oct 27, 2011 at 9:07 AM, Stephen Farrell
> <stephen.farrell@cs.tcd.ie> wrote:
>
>>
>> Hi,
>>
>> There's a SAVI document [1] on the Nov 3 telechat. I'd appreciate
>> a review of that from a privacy perspective if someone has the
>> time in the next week. (Just reply to this if you've time.)
>>
>> Previous SAVI documents have generated privacy related
>> DISCUSSes [2,3] which may be useful background.
>>
>> Thanks in advance,
>> S.
>>
>> [1] https://datatracker.ietf.org/doc/draft-ietf-savi-framework/
>> [2] https://datatracker.ietf.org/doc/draft-ietf-savi-fcfs/
>> [3] https://datatracker.ietf.org/doc/draft-ietf-savi-threat-scope/
>>
>> _______________________________________________
>> privacydir mailing list
>> privacydir@ietf.org
>> https://www.ietf.org/mailman/listinfo/privacydir
>>
>