Re: [saag] Discovery: can it be solved
David Schinazi <dschinazi.ietf@gmail.com> Tue, 16 November 2021 21:25 UTC
Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D2363A0961 for <saag@ietfa.amsl.com>; Tue, 16 Nov 2021 13:25:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id leNTF7seDGlX for <saag@ietfa.amsl.com>; Tue, 16 Nov 2021 13:25:28 -0800 (PST)
Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com [IPv6:2607:f8b0:4864:20::62d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13B1C3A095E for <saag@ietf.org>; Tue, 16 Nov 2021 13:25:28 -0800 (PST)
Received: by mail-pl1-x62d.google.com with SMTP id y7so350222plp.0 for <saag@ietf.org>; Tue, 16 Nov 2021 13:25:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=OEhVlk9/yPW6T9XcOlZE7E4Oi5pMVpNPpOwcjolL48I=; b=HzfINLOpFBlFfYiYuFK8o8YkSa8b4ivKy9LrrOyxSmqqStJAzlrz8ILqIzWVrr7jDq nhCj7l6ozr7MaauRhehzoxqWedghCbagw60hkKB6X5PZUl2cAw/Xj21iCxBfUVBzkR4z 1bV1/UPUkHHc+8fYFCGh+wy5Xu2sbAnq9mA5WdDsj7pvKhh9eIkICsCRgxjEz7jLw5fz Sgxw5bRhGNzH9TFQcCTEY3InNp6YUTKx0tteNGEXmporzitgvIigXTFyyJgyzNSZ3Vzu huVYa4iSzzBGBKfOnjeXiSwoQUqyhXO2mYqHGm3473wG0o5XjdgRg12CNFEo61F4euUk EvMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=OEhVlk9/yPW6T9XcOlZE7E4Oi5pMVpNPpOwcjolL48I=; b=T8DIxxqWktJhwoQAR5QJbtitlHbF7+rbQ22AkM+B1GGv9sQFCWrc3N4Mhd8h/e5IsN 7hnUQSI7Njj2Wm8YwSkPEagmQnPdmudZxK4gfXmwn70eHgwiMbEVWdNXpxPWSBhSXtLK cawbRAvy6vQPJqxpp3RwPKrMOYXoqTFZKTodwE5ymDI/BuLDCkc7Tjz8qiq8iRic7Y+w YtByucY3LeeJKPPZvoZe5Gv5PGMsx96jvdTpO2Z4X4Xe+hhxEKIzvhPhm2OK6F8Qw2/C XKgJePjNgih19zHC4qyxMgLeJMYA9aLw1W/cuWipZx/JvBeTegUB+XVF3i1XauQa+g4Y 7LrA==
X-Gm-Message-State: AOAM533SLanoD985vWKYZmtrePCRi85JuPMieCIbjhHI5jsMwo8XUPiT pcgtBnGT+uZw/XrfFGwvL2BmmYCZ/MOiKJRPBtCGiPnT
X-Google-Smtp-Source: ABdhPJy//w/jCEDKkTUweSEoVpOSr6tEqxGA+VdSAlDeM/If0CbIZKmrgoZT4AfB7dVAd1HuXHqmzj2VVIt//ldgL0A=
X-Received: by 2002:a17:902:bd88:b0:143:d318:76e6 with SMTP id q8-20020a170902bd8800b00143d31876e6mr6094285pls.66.1637097926568; Tue, 16 Nov 2021 13:25:26 -0800 (PST)
MIME-Version: 1.0
References: <CACsn0cnEJR6otnxoYL8SZsKT830YtEMhNU8AV2FM+iHcM+BT5A@mail.gmail.com> <b52fb7cf1e494fbfa84d0b88587bdca8@huawei.com> <b31468dc-2959-40b0-81ba-1ec2dad012e4@www.fastmail.com> <19101.1637068497@localhost>
In-Reply-To: <19101.1637068497@localhost>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Tue, 16 Nov 2021 13:25:15 -0800
Message-ID: <CAPDSy+6YJcu+DGJMX2vzHNPtJyeW62qd7r4DsDoXtcY=4vKtgw@mail.gmail.com>
To: saag@ietf.org
Content-Type: multipart/alternative; boundary="000000000000602ddf05d0ee90a2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/dPeTMqnSnBanHzJ0BpTn6yllGsk>
Subject: Re: [saag] Discovery: can it be solved
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Nov 2021 21:25:33 -0000
I don't see any value in standardizing discovery of privacy-related services. When a client device (a user agent, if you will) ships a feature that is marketed at improving user privacy, the vendor makes some promises to its users. For example, it could say "your IP address is hidden from websites". The vendor needs to follow through on that claim, and the way it does that is by using specific proxies that it trusts. If the vendor is fancy, it might even build a two-hop system with some cool privacy properties - but those properties still rely on the contractual agreements the vendor has with the other proxy operators. The vendor simply isn't going to let the local network recommend a proxy provider, because then the vendor would be lying to its users. David On Tue, Nov 16, 2021 at 5:15 AM Michael Richardson <mcr+ietf@sandelman.ca> wrote: > > Martin Thomson <mt@lowentropy.net> wrote: > > The questions here are more fundamental. What security basis do we > > have for clients retrieving critical information from the network? > How > > does that affect the security of those clients? How might that shape > > how the services that are discovered can be deployed? What does that > do > > to the diversity of those services? > > I think that this is a pretty good question. > > 1) IoT LLN networks would like to avoid multicast, and so we have a move > from > multicast everything to register. > > 2) It's not a big-yellow-coax anyway, multicast is not real (its emulated), > MLD is broken in many places, we can't continue to play L2 tricks. > We need to acknowledge the real L1 topology, and we can do this in IPv6. > > 3) SEND failed due to lack of network/node/node trust relationships. > > 4) How many temporary addresses can the network sustain for each node? > We have no way in current RA/RS ND/NA for the routers to put any kind > of limit, and we already have documents that deal with pre-populating > NCE in routers to lower latency on initial connections. > If nodes need to register, then maybe the authentication can be mutual. > > > At some level, the question of IP intermediation (aka routing) has > been > > solved. We assume virtually nothing from IP forwarding and routing, > > but also expect very little from those providing that service. > > I don't really agree with this statement. I don't think it's been solved. > I think that we have paved over this relationship (think: little child with > fingers in their ears.... "I can't hear you"), and it's exactly this > relation > that we need to fix. > > -- > Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) > Sandelman Software Works Inc, Ottawa and Worldwide > > > > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag >
- [saag] Discovery: can it be solved Watson Ladd
- Re: [saag] Discovery: can it be solved Antoine FRESSANCOURT
- Re: [saag] Discovery: can it be solved Martin Thomson
- Re: [saag] Discovery: can it be solved Michael Richardson
- Re: [saag] Discovery: can it be solved David Schinazi
- Re: [saag] Discovery: can it be solved Ted Hardie
- Re: [saag] Discovery: can it be solved David Schinazi
- Re: [saag] Discovery: can it be solved Watson Ladd
- Re: [saag] Discovery: can it be solved Tony Rutkowski