Re: [secdir] secdir review of draft-ietf-dhc-access-network-identifier-08

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 10 July 2015 17:27 UTC

To: "Bernie Volz (volz)" <volz@cisco.com>, "Sri Gundavelli (sgundave)" <sgundave@cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/npjyURsPJbWNd7y51ak5N1-Fxs8>
Cc: "draft-ietf-dhc-access-network-identifier.all@tools.ietf.org" <draft-ietf-dhc-access-network-identifier.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>

Hiya,

On 10/07/15 17:27, Bernie Volz (volz) wrote:
> IPsec should also hide this information from pervasive monitoring
> (though how much IPsec is in use is an open question). Note also that
> as this is relay to server (or relay to relay) communication, one
> would hope that most SPs have taken measures to 'secure' this traffic
> either by using IPsec or VPNs.

Do we have any data as to whether or not such protection does
get deployed? I'd not be surprised if there's not much public,
but if there were it'd be good to know.

I also believe we have had reported cases where pieces of
the network infrastructure of various kinds of operator have
been targeted for PM purposes, so while yes, it is really
strange that someone would want to do that, it seems to be
a real, and not notional, threat.

Ta,
S.