IETF Logo Mail Archive

Re: [sfc] [GRAYMAIL] Re: HTTP Header injection

<mohamed.boucadair@orange.com> Fri, 13 February 2015 14:12 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 623581A8704 for <sfc@ietfa.amsl.com>; Fri, 13 Feb 2015 06:12:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6WjDmCNNCNVa for <sfc@ietfa.amsl.com>; Fri, 13 Feb 2015 06:12:20 -0800 (PST)
Received: from relais-inet.francetelecom.com (relais-ias92.francetelecom.com [193.251.215.92]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E8B51A86FB for <sfc@ietf.org>; Fri, 13 Feb 2015 06:12:14 -0800 (PST)
Received: from omfedm07.si.francetelecom.fr (unknown [xx.xx.xx.3]) by omfedm09.si.francetelecom.fr (ESMTP service) with ESMTP id 0E5072DC509; Fri, 13 Feb 2015 15:12:13 +0100 (CET)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [10.114.31.16]) by omfedm07.si.francetelecom.fr (ESMTP service) with ESMTP id D73D84C0F3; Fri, 13 Feb 2015 15:12:12 +0100 (CET)
Received: from OPEXCLILM23.corporate.adroot.infra.ftgroup ([169.254.2.231]) by OPEXCLILH05.corporate.adroot.infra.ftgroup ([10.114.31.16]) with mapi id 14.03.0224.002; Fri, 13 Feb 2015 15:12:10 +0100
From: mohamed.boucadair@orange.com
To: Narseo Vallina Rodriguez <narseo@icsi.berkeley.edu>
Thread-Topic: [sfc] [GRAYMAIL] Re: HTTP Header injection
Thread-Index: AQHQRQQGYf3dPoiF4kyzwlTYmpG4dZzuoW8g
Date: Fri, 13 Feb 2015 14:12:09 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93300490AE24@OPEXCLILM23.corporate.adroot.infra.ftgroup>
References: <CAJmR=Q=DZoMSLoH=Aoe7U-96nb4K=uKo2UbtOn0m8cdo1823UQ@mail.gmail.com> <CAJmR=Qk24E4mJgKGTk5=-gW-w_xAeNY4BhS1E1Wx_B03KGQS_w@mail.gmail.com> <CDF2F015F4429F458815ED2A6C2B6B0B2E808835@MBX021-W3-CA-2.exch021.domain.local> <CAJmR=Qm5_fu=HpRKYjsqZ=8HBUUej=H+i=Ss5FEWC-K_HHMsxw@mail.gmail.com> <CDF2F015F4429F458815ED2A6C2B6B0B2E809945@MBX021-W3-CA-2.exch021.domain.local> <CAJmR=Qm1+fObe8N4FAGUK-sY7D5-ir0-GjbiB0h1xrYaBcveOQ@mail.gmail.com> <CDF2F015F4429F458815ED2A6C2B6B0B2E809A40@MBX021-W3-CA-2.exch021.domain.local> <CAJmR=QnXB7-AJ48zNhpo_0CPaUBqcf756dAiUFH0NEPQbO_WMA@mail.gmail.com>
In-Reply-To: <CAJmR=QnXB7-AJ48zNhpo_0CPaUBqcf756dAiUFH0NEPQbO_WMA@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.5]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version: 6.0.3.2322014, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2015.2.13.120922
Archived-At: <http://mailarchive.ietf.org/arch/msg/sfc/AFuRhxSRhhnaDo8bOxdptHsCq08>
Cc: Ron Parker <Ron_Parker@affirmednetworks.com>, "sfc@ietf.org" <sfc@ietf.org>
Subject: Re: [sfc] [GRAYMAIL] Re: HTTP Header injection
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Feb 2015 14:12:29 -0000

Dear Narseo, 

An example to illustrate the need to inject a header in a mobile network (other than those similar to HTTP_MSISDN, HTTP_X_MSISDN, HTTP_X_UP_CALLING_LINE_ID, HTTP_X_NOKIA_MSISDN, HTTP_X_HTS_CLID, HTTP_X_MSP_CLID,HTTP_X_NX_CLID, HTTP_RAPMIN, HTTP_X_WAP_MSISDN, HTTP_COOKIE, HTTP_X_UP_LSID, HTTP_X_H3G_MSISDN, HTTP_X_JINNY_CID, HTTP_X_NETWORK_INFO, etc. ) is discussed in: https://tools.ietf.org/html/draft-boucadair-intarea-host-identifier-scenarios-09#section-10.2. 

Privacy related considerations of this typical example are elaborated here: https://tools.ietf.org/html/rfc6967#section-3.

Cheers,
Med

-----Message d'origine-----
De : sfc [mailto:sfc-bounces@ietf.org] De la part de Narseo Vallina Rodriguez
Envoyé : mardi 10 février 2015 08:34
À : Ron Parker
Cc : sfc@ietf.org
Objet : Re: [sfc] [GRAYMAIL] Re: HTTP Header injection

Hi Ron

Thanks a lot for your explanation. I get better the point that you
were trying to make so I understand your position and I'm starting to
get a better picture of the whole draft.

I would appreciate other's opinions about why such headers may be
needed, in particular in the mobile scenario, and how the associated
privacy issues that today exist will be addressed.

Many thanks again



On Mon, Feb 9, 2015 at 4:54 PM, Ron Parker
<Ron_Parker@affirmednetworks.com> wrote:
> Narseo,
>
> The point I was trying to make is that the use of the SFC encapsulation metadata within the carrier's administrative domain, instead of HTTP header enrichment, will address these security considerations.   The current SFC architecture states that it is supported within a single administrative domain with inter-domain SFC for further study.   Stated another way, end-to-end SFC is not supported.
>
>     Ron
>
>
> ________________________________________
> From: Narseo Vallina Rodriguez [narseo@icsi.berkeley.edu]
> Sent: Monday, February 09, 2015 7:26 PM
> To: Ron Parker
> Cc: sfc@ietf.org
> Subject: Re: [GRAYMAIL] Re: [sfc] HTTP Header injection
>
> Hi Ron
>
> Thanks for the explanation. I still have some concerns about the
> header enrichment that may be worth discussing further. Let me respond
> inline.
>
>> The HTTP X-headers related to identification are typically inserted by the Subscriber Management System for the benefit of transparent midboxes such as video optimizers, IDS/IPS, Firewall, etc.   The fact that it goes all the way to the origin server is sometimes incidental.
>>
>
> That's exactly my main concern. The first example for SFC use cases in
> mobile networks is functions to protect the carrier network and the
> privacy of its users. This is contradictory with many other parts of
> the draft as in the case that we're discussing unless there are other
> reasons behind such as monetizing user's metadata.
>
> If not, why is this information leaving the network and reaching the
> origin server without any control given how sensitive it is?
>
> As you frame it, it sounds like End-to-End SFC is not the goal in this
> case. If so, aren't better ways of doing performance enhancement as in
> the video streaming case without leaking personal data as using
> "differential" values rather than unique absolute ones on a per-user
> basis?
>
> From my perspective,  adding these headers does not add much value to
> the whole chain, but still present a serious privacy concern for most
> users so that's why I would like to know about a real use case in
> which the uncontrolled leak beyond the scope of the operator (and the
> addition of the headers) is completely justify.
>
> Just for reference, we have identified the following headers added by
> mobile proxies. We have records going back to November 2013
>
> The 3 headers listed below are perma-cookies (the EFF showed their
> concerns with such headers), which do not map to any unique identifier
> such as IMEI/IMSI but they still identify the user uniquely. We have
> observed them in a bunch of operators all over the world.
>
> x-acr
> X-UIDH
> X-VF-ACR
>
> The headers below leak directly raw values without any anonymization
> as you proposed, thus becoming serious privacy leaks. In fact, these
> are some of the values that are listed on the draft as possible values
> to be included, which is worrying and also contradicting the privacy
> preserving use case.
>
> LBS-EventTime: Header probably related to location-based services.
> LBS-ZoneID: Idem
> MSISDN: Subscriber phone number.
> x-up-3gpp-imeisv: Device IMEI. Identifies the device uniquely.
> x-up-nai: Email-like name that identifies the user and operator.
> x-up-calling-line-id: Subscriber phone number.
> x-up-vodacomgw-subid: Subscriber phone number.
>
>> But, this technique is limited to only clear-text HTTP.   As end-to-end HTTPS increases, the portion of flows that can be enriched in this manner decreases.
>>
>
> Still, a large fraction of users' traffic is still HTTP, as in the
> case of ad-traffic that actually involve more than one party. Just
> check a normal online newspaper or magazine. As a result, this
> information is being collected by an uncontrolled number of online
> services. Some of them, may not be trustworthy.
>
>> SFC has the potential to solve the problem of providing policy hooks to midboxes in a more universal and elegant fashion through the use of the metadata capabilities inherent in the SFC encapsulation header.
>>
>
> So is the point to enable E2E SFC? Once more, couldn't this be done
> without enabling users' tracking and leaking their personal data?
>
> How will middleboxes take advantage of them if the x-headers are not
> standardised and are highly customized by operators and proxy
> manufacturers?
>

_______________________________________________
sfc mailing list
sfc@ietf.org
https://www.ietf.org/mailman/listinfo/sfc

v2.23.0 | Report a Bug | By Email