Re: [saag] Discovery: can it be solved
Ted Hardie <ted.ietf@gmail.com> Wed, 17 November 2021 10:14 UTC
Return-Path: <ted.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2CBD3A0BC5 for <saag@ietfa.amsl.com>; Wed, 17 Nov 2021 02:14:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DNe9nUqDADYA for <saag@ietfa.amsl.com>; Wed, 17 Nov 2021 02:13:59 -0800 (PST)
Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5EE53A0BB4 for <saag@ietf.org>; Wed, 17 Nov 2021 02:13:59 -0800 (PST)
Received: by mail-io1-xd2c.google.com with SMTP id f9so2325889ioo.11 for <saag@ietf.org>; Wed, 17 Nov 2021 02:13:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4ESn8JXw9wlHwB0IiNJTErZze12gdaUE9rK3xf3SV48=; b=o4/kPHmqRcfoHlyzsvO7HmR/E40PtCxbnbAxhg8lGpPM0aKcEfYrcIJwjicA5tmSLw POFiFMfPDAZc/bU0QRA/WdE/O5TF2JLtLkmIKCyWajphN2KL9hq3Cs1JmGrh0/sZ3WW/ 1Sy0PXe8BTqJwg1jRObo6wvaFTHRoZMsEXOZHkMbjdJX9atpf5rTfUH00EwmSou2US1M voyXqC5C1UjqcVbHybRLHXAIHYHd+MRaI7cAxfqNtMcC5i6BR9IhUor7LKVex/Flp9kB Ixcauticp9Qk54eVsPADSyzVNhHIsexdraFnoNqd4HNpzsjBkT59MkbBHiXxZJDohyk3 HhTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4ESn8JXw9wlHwB0IiNJTErZze12gdaUE9rK3xf3SV48=; b=2zgF7K4e103QZUh2qLzsCVX7f4cxCB+nLdtTTEhFRHkNIaFaai9804PkwAhb1zQf17 ZhVj2HjUtYk2qrlHivKnki2xGcvR7990SGEu0iaASMNTCsOC1cANxN77A8XPuiZVQmfY fuuMXMoqVRWO7lKrC6ht81CetDlBX4lRQEoNrHvwt/fUIUf6qJdLzqEADN8R9oEAyafQ 1UfuJHSJfb88z5gu20uM6ZxfKmO0ULgJfLtUpYAXSljSxXXLAFVA3SZm8U/2KfTKrYLr hB5/F+5enEE+syxWYNNE1+qX01J3rOsv/2De9HUpnmQEjbr+MfIJCgJoSzcvbMy+b4Vr 2eEg==
X-Gm-Message-State: AOAM531vXeHkn2B1uyschKBiZOUJvhtIAyykIy870eBN9JN2ms/So9s0 As5oTCTicZKFkVtYcpYClBOuCUZ4uyQ+quP+WFklM6neDnsPkw==
X-Google-Smtp-Source: ABdhPJwQYwZjrQ5pxAlwmiXm7xOMg13i62jbIufxQyuNfZc9yy9iqA8SruZr0tfTXfIwaJTf/P9mRqwkjbAmAcU1Sto=
X-Received: by 2002:a05:6638:11cb:: with SMTP id g11mr11308052jas.139.1637144038079; Wed, 17 Nov 2021 02:13:58 -0800 (PST)
MIME-Version: 1.0
References: <CACsn0cnEJR6otnxoYL8SZsKT830YtEMhNU8AV2FM+iHcM+BT5A@mail.gmail.com> <b52fb7cf1e494fbfa84d0b88587bdca8@huawei.com> <b31468dc-2959-40b0-81ba-1ec2dad012e4@www.fastmail.com> <19101.1637068497@localhost> <CAPDSy+6YJcu+DGJMX2vzHNPtJyeW62qd7r4DsDoXtcY=4vKtgw@mail.gmail.com>
In-Reply-To: <CAPDSy+6YJcu+DGJMX2vzHNPtJyeW62qd7r4DsDoXtcY=4vKtgw@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Wed, 17 Nov 2021 10:13:31 +0000
Message-ID: <CA+9kkMCN1ifjB6xMHWhZWNWiuLCD98kBv7Nr1FPcxavZFk4X5g@mail.gmail.com>
To: David Schinazi <dschinazi.ietf@gmail.com>
Cc: saag@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d6017105d0f94c88"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/_qIzxvDXrHwhyoPQ2Ka4doYXK4M>
Subject: Re: [saag] Discovery: can it be solved
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Nov 2021 10:14:05 -0000
Hi David, On Tue, Nov 16, 2021 at 9:25 PM David Schinazi <dschinazi.ietf@gmail.com> wrote: > I don't see any value in standardizing discovery of privacy-related > services. > When a client device (a user agent, if you will) ships a feature that is > marketed at improving user privacy, the vendor makes some promises to its > users. For example, it could say "your IP address is hidden from websites". > The vendor needs to follow through on that claim, and the way it does that > is > by using specific proxies that it trusts. > Put differently, the need for discovery depends on what claim the folks shipping the feature put forward. I can imagine claims that work with discovery, like "This software protects from on-the-wire observers collecting your DNS traffic by using any locally available DoH or DoQ services. It falls back to a globally configured service when no local services are available." I can imagine claims that do not. As Martin put it: What security basis do we have for clients retrieving critical information from the network? How does that affect the security of those clients? How might that shape how the services that are discovered can be deployed? What does that do to the diversity of those services? Unless we somehow establish a consensus security basis for clients retrieving critical information from the network, it seems likely to me that at least some deployments will use discovered services. > If the vendor is fancy, it might even build > a two-hop system with some cool privacy properties - but those properties > still > rely on the contractual agreements the vendor has with the other proxy > operators. > The vendor simply isn't going to let the local network recommend a proxy > provider, > because then the vendor would be lying to its users. > Your model is presuming a pretty powerful vendor, who can establish trust with multiple proxies and who is maintaining contracts with them to achieve its goals. Less powerful (or wealthy) software providers will likely rely on shared infrastructure for this, and there are models in which an organization rather than a vendor provides them (a university might stand up an OHAI-like proxy, for example, to protect the data of its students). One size is not going to fit all here, I'm afraid. regards, Ted Hardie > > David > > On Tue, Nov 16, 2021 at 5:15 AM Michael Richardson <mcr+ietf@sandelman.ca> > wrote: > >> >> Martin Thomson <mt@lowentropy.net> wrote: >> > The questions here are more fundamental. What security basis do we >> > have for clients retrieving critical information from the network? >> How >> > does that affect the security of those clients? How might that shape >> > how the services that are discovered can be deployed? What does >> that do >> > to the diversity of those services? >> >> I think that this is a pretty good question. >> >> 1) IoT LLN networks would like to avoid multicast, and so we have a move >> from >> multicast everything to register. >> >> 2) It's not a big-yellow-coax anyway, multicast is not real (its >> emulated), >> MLD is broken in many places, we can't continue to play L2 tricks. >> We need to acknowledge the real L1 topology, and we can do this in >> IPv6. >> >> 3) SEND failed due to lack of network/node/node trust relationships. >> >> 4) How many temporary addresses can the network sustain for each node? >> We have no way in current RA/RS ND/NA for the routers to put any kind >> of limit, and we already have documents that deal with pre-populating >> NCE in routers to lower latency on initial connections. >> If nodes need to register, then maybe the authentication can be mutual. >> >> > At some level, the question of IP intermediation (aka routing) has >> been >> > solved. We assume virtually nothing from IP forwarding and routing, >> > but also expect very little from those providing that service. >> >> I don't really agree with this statement. I don't think it's been solved. >> I think that we have paved over this relationship (think: little child >> with >> fingers in their ears.... "I can't hear you"), and it's exactly this >> relation >> that we need to fix. >> >> -- >> Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting >> ) >> Sandelman Software Works Inc, Ottawa and Worldwide >> >> >> >> >> _______________________________________________ >> saag mailing list >> saag@ietf.org >> https://www.ietf.org/mailman/listinfo/saag >> > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag >
- [saag] Discovery: can it be solved Watson Ladd
- Re: [saag] Discovery: can it be solved Antoine FRESSANCOURT
- Re: [saag] Discovery: can it be solved Martin Thomson
- Re: [saag] Discovery: can it be solved Michael Richardson
- Re: [saag] Discovery: can it be solved David Schinazi
- Re: [saag] Discovery: can it be solved Ted Hardie
- Re: [saag] Discovery: can it be solved David Schinazi
- Re: [saag] Discovery: can it be solved Watson Ladd
- Re: [saag] Discovery: can it be solved Tony Rutkowski