Re: [secdir] secdir review of draft-ietf-dhc-access-network-identifier-08

"Bernie Volz (volz)" <> Fri, 10 July 2015 17:43 UTC

From: "Bernie Volz (volz)" <>
To: Stephen Farrell <>, "Sri Gundavelli (sgundave)" <>

I am not aware of such data. My guess is that most SPs place this kind of traffic in what they hope to be an isolated network (i.e., behind firewalls, ...).

Also, much of this data is pretty easy to find anyway ... SSIDs are mostly broadcast (or easy to snoop for), which mobile operator you use is probably discoverable in seconds (heck, I bet you’d answer if I asked, or if I had your number a Google query would probably tell me ...). So, I'm not really sure how critical this information tends to be. But, yet protecting it is better than not protecting it. But I think steps should have been taken for the other data in DHCP (relay to server).

- Bernie

-----Original Message-----
From: Stephen Farrell [] 
Sent: Friday, July 10, 2015 1:28 PM
To: Bernie Volz (volz); Sri Gundavelli (sgundave)
Subject: Re: [secdir] secdir review of draft-ietf-dhc-access-network-identifier-08


On 10/07/15 17:27, Bernie Volz (volz) wrote:
> IPsec should also hide this information from pervasive monitoring 
> (though how much IPsec is in use is an open question). Note also that 
> as this is relay to server (or relay to relay) communication, one 
> would hope that most SPs have taken measures to 'secure' this traffic 
> either by using IPsec or VPNs.

Do we have any data as to whether or not such protection does get deployed? I'd not be surprised if there's not much public, but if there were it'd be good to know.

I also believe we have had reported cases where pieces of the network infrastructure of various kinds of operator have been targeted for PM purposes, so while yes, it is really strange that someone would want to do that, it seems to be a real, and not notional, threat.