Re: [Spud] Whats missing in SPUD (was: Re: Multipath/Mobility (was Questions based on draft-trammell-spud-req-00))
Toerless Eckert <eckert@cisco.com> Mon, 10 August 2015 21:06 UTC
Return-Path: <eckert@cisco.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 8D1FA1B3E8E
for <spud@ietfa.amsl.com>; Mon, 10 Aug 2015 14:06:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level:
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001,
T_FILL_THIS_FORM_SHORT=0.01, T_RP_MATCHES_RCVD=-0.01,
USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id MphIDalNbECn for <spud@ietfa.amsl.com>;
Mon, 10 Aug 2015 14:06:20 -0700 (PDT)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90])
(using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 702801B3C60
for <spud@ietf.org>; Mon, 10 Aug 2015 14:06:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=cisco.com; i=@cisco.com; l=5278; q=dns/txt; s=iport;
t=1439240780; x=1440450380;
h=date:from:to:cc:subject:message-id:references:
mime-version:in-reply-to;
bh=eFk18UHqyHQnNmmXA444YBrXWNBp3B5FcPsX1m90gX8=;
b=nG15Bc72MlcupQy6X6Npo6Py4sORlzlMVpKbBMuk+8nZPix95YJmhERH
VXViBz6MgZkz7N5W0I9ZC3Y3FdnRtItumyb+cPwLGs73+qQ7TETXSPeCz
hVCfom8QgdaWi+usyBfI2rP8KnHNBn1qm3ETQaWmaoHVyXOpqYEYap6SR c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AUBQDcEclV/5hdJa1UCYMbVGm/R4V5AoE4PBABAQEBAQEBgQqEJAEBBCcTPxALGAkaCw8FSYhBDb5zkH4BAQEBAQEBAQEBAQEBAQEBAQEBAQETBItRhC1cB4MYgRQFjFV0h0KFAoJphHUDgUmEJZApg2YmgkCBXh4zAYJLAQEB
X-IronPort-AV: E=Sophos;i="5.15,648,1432598400"; d="scan'208";a="177059289"
Received: from rcdn-core-1.cisco.com ([173.37.93.152])
by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
10 Aug 2015 21:06:19 +0000
Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121])
by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id t7AL6I0o015944
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
Mon, 10 Aug 2015 21:06:19 GMT
Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1])
by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id t7AL6Ig1025285;
Mon, 10 Aug 2015 14:06:18 -0700
Received: (from eckert@localhost)
by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id t7AL6IMD025284;
Mon, 10 Aug 2015 14:06:18 -0700
Date: Mon, 10 Aug 2015 14:06:18 -0700
From: Toerless Eckert <eckert@cisco.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Message-ID: <20150810210618.GB1667@cisco.com>
References: <20150810184444.GB16123@cisco.com>
<87lhdirije.fsf@alice.fifthhorseman.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87lhdirije.fsf@alice.fifthhorseman.net>
User-Agent: Mutt/1.4.2.2i
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/e04A34W-AMYiOTaqeXrGo-cocks>
Cc: Christian Huitema <huitema@microsoft.com>, spud@ietf.org
Subject: Re: [Spud] Whats missing in SPUD (was: Re: Multipath/Mobility (was
Questions based on draft-trammell-spud-req-00))
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>,
<mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>,
<mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2015 21:06:22 -0000
Well, biostats/signature/photo constitute elements to establish ownership of the ID card. And there may be county/city police regulations to keep track of full ID scans. And if not police then insurance or on advice of the bars lawyer in case of lawsuits/challenges. Aka: IMHO much more likely caused by third party directives then lets say the customer data collection done by eg: web/social-networking sites. But lets agree that the ID card in its current form is not ideal to exemplify "know what attributes you need to show for the desired benefits and then only show those attributes". So the right example would have been some form of ID card with keypad, i type in what attributes i want to send, it creates a new short lived cert and NFC's those attributes to the gatekeeper. Whether its Photo + (Age > 17) or anything else. On Mon, Aug 10, 2015 at 04:32:37PM -0400, Daniel Kahn Gillmor wrote: > On Mon 2015-08-10 14:44:44 -0400, Toerless Eckert wrote: > > "Here is your new ID card". > > "Why would i want to have an ID card, everybody who checks ID cards is evil" > > "You do not have to show your ID card if you don't want to" > > "Lets go to the bar" > > "ID card please" > > "Booze or anonymity... that's the question" > > "Lets choose booze" > > Have you ever tried to go to a bar where they require you to scan your > full ID into their targeted advertising database in order to step inside > for a pint with a friend? [0] They say they're asking this information > for the purpose of avoiding alcohol service to underage people. > > The full ID scan (at least where i live) contains legal name, home > address, biostats (height, weight, hair, eye color), date of birth, > license number, physical impairments, etc. The bar says "we need to > know whether you can legally drink" (a boolean value) and instead > collects a timestamped, identity-mapped, rich-characteristic profile of > every individual who enters the establishment. > > You're right, of course, that most people in such a situation will > choose booze over their own privacy. i won't go into the number of > reasons that people feel compelled to make this choice unless i get a > signal from the chairs that this kind of behavioral analysis is on-topic > for the list. > > But the fact that many people are willing to make this tradeoff is not a > legitimate excuse to design a system that encourages the tradeoff to be > made this way. > > That exchange is fundamentally a bad deal for the user, even if we > accept as a given that a bar needs an automated mechanism that allows it > to distinguish legal drinkers from underage drinkers. Users shouldn't be > forced into trading off privacy for network access any more than they > should be forced into trading off privacy for security [1], and we > shouldn't design mechanisms to encourage this false trade. > > > So, whats missing in SPUD (or any prior endpoint<->network) signaling > > is the signaling element "If you do not show ID card, you will not get > > booze" or "if you do not use a cross-subflow Tube-ID, your > > load-sharing, mobility or multipath performance will suck or not > > work". > > This is *exactly* what i'm concerned about with SPUD. Full user > identification is overkill for detection of who is allowed to drink (or > who is allowed to use the global network); it is a disaster for user > privacy, and a total bonanza for a would-be pervasive monitor. > > We're suposed to be pushing back on that kind of thing, right? > > https://tools.ietf.org/html/rfc7258 > https://tools.ietf.org/html/rfc6973 > > Formalizing this practice would put any network operator in the position > of the overzealous bar-operator/marketer: "give me your ID card via SPUD > to be able to send or receive traffic", not to mention criminals looking > for a home address to burgle based on who's out at the local cafe, > nation-states looking to repress their own citizenry, or spy agencies > fetishizing the need to "collect it all". > > > Using the same Tube-ID is just one example. This interaction really > > applies to any possible signaling element: The anonymity freak will > > argue to his death that he doesn't want to provide information to the > > network... unless the network can persuade him that the benefit of > > showing outweights the loss of anonymity. > > We should not be designing protocols that encourage users to give up any > amount of anonymity to the network without compelling engineering > argument (and evidence!) that the anonymity they give up is necessary to > the effective operation of the network. > > Otherwise, we're building a network that is designed to encourage its > users to accept this fundamentally bad deal in a place that is today far > more critical to civic interaction than a bar. > > I will accept the label of "anonymity freak" if it means i am concerned > about the social impact of a thoroughly-surveilled society. > > Thanks for the good example. > > Regards, > > --dkg > > [0] fwiw, i have been to a bar that has this requirement. I have not > returned to that bar. > > [1] https://www.schneier.com/blog/archives/2008/01/security_vs_pri.html
- [Spud] Whats missing in SPUD (was: Re: Multipath/… Toerless Eckert
- [Spud] Whats missing in SPUD (was: Re: Multipath/… Toerless Eckert
- Re: [Spud] Whats missing in SPUD (was: Re: Multip… Ted Hardie
- Re: [Spud] Whats missing in SPUD (was: Re: Multip… Toerless Eckert
- Re: [Spud] Whats missing in SPUD (was: Re: Multip… Ted Hardie
- Re: [Spud] Whats missing in SPUD (was: Re: Multip… Toerless Eckert
- Re: [Spud] Whats missing in SPUD (was: Re: Multip… Christian Huitema
- Re: [Spud] Whats missing in SPUD (was: Re: Multip… Daniel Kahn Gillmor
- Re: [Spud] Whats missing in SPUD (was: Re: Multip… Toerless Eckert
- Re: [Spud] Whats missing in SPUD Daniel Kahn Gillmor
- Re: [Spud] Whats missing in SPUD Toerless Eckert