IETF Logo Mail Archive

Re: [Spud] Multipath/Mobility (was Questions based on draft-trammell-spud-req-00)

Toerless Eckert <eckert@cisco.com> Mon, 10 August 2015 18:44 UTC

Return-Path: <eckert@cisco.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 406CC1B2DA0 for <spud@ietfa.amsl.com>; Mon, 10 Aug 2015 11:44:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id knhPY3GN81D2 for <spud@ietfa.amsl.com>; Mon, 10 Aug 2015 11:44:00 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43A961B29CC for <spud@ietf.org>; Mon, 10 Aug 2015 11:43:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2035; q=dns/txt; s=iport; t=1439232233; x=1440441833; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=MbR6/2YZp4oFO1qaV+JjGV/1N/n+gJs8f5LjxIsRBIE=; b=g8uTm3BLGS1A/W8C+ALpmOLQR/1p2DhAXwYOKoMbxDuVN7e4Lsq53bh0 eKjlpGh8MjFy5UkbsU5EV3fp2ChqgoAkCFnpK4z3SGfJTjkiGJxOeVSzu cMvOYf9v+7EM4Y9XjhXVBnC0Qy8sK/C+4i1ZA7QKsBfuWD8S0sYBNabY6 s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AoAwCa78hV/5RdJa1dgxuBPb03CYd+AoE2OBQBAQEBAQEBgQqEIwEBAQMBOisJBAcFCwsYCSUPBUkTiCYIz3ABAQEBAQEBAQEBAQEBAQEBAQEBAQEXi1GEMQ1LB4MYgRQFjUmHQoxgA5l9JoIPHBWBXh4zgQaBRgEBAQ
X-IronPort-AV: E=Sophos;i="5.15,647,1432598400"; d="scan'208";a="23078389"
Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 10 Aug 2015 18:43:52 +0000
Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by rcdn-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id t7AIhpgn021861 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 10 Aug 2015 18:43:52 GMT
Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id t7AIhp46016262; Mon, 10 Aug 2015 11:43:51 -0700
Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id t7AIhpJd016261; Mon, 10 Aug 2015 11:43:51 -0700
Date: Mon, 10 Aug 2015 11:43:51 -0700
From: Toerless Eckert <eckert@cisco.com>
To: Christian Huitema <huitema@microsoft.com>
Message-ID: <20150810184351.GA16123@cisco.com>
References: <CA+9kkMC2+=kyoU0JGVN65Nsvv3z0_wpJ8G8iQa1xU2DPWFt0HQ@mail.gmail.com> <DM2PR0301MB06551DB62FF49A99FD5843E9A8700@DM2PR0301MB0655.namprd03.prod.outlook.com> <20150810183509.GV1667@cisco.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150810183509.GV1667@cisco.com>
User-Agent: Mutt/1.4.2.2i
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/gV68gdmhXN3z-0oNxFYWINOsst4>
Cc: "spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] Multipath/Mobility (was Questions based on draft-trammell-spud-req-00)
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2015 18:44:05 -0000

Sigh... resending. spud@ietf.org mailing list owner hansn't bumped up the Cc limit...

On Mon, Aug 10, 2015 at 06:13:28PM +0000, Christian Huitema wrote:
> I don't know what Toerless really means, but I am a bit concerned by the use of a "unique identifier" here. Specifically, I am concerned with the privacy implications of using unique identifiers. If the same identifier is used with multiple 5 tuples, then it can be used to tie together these tuples. There are cases when it doesn't matter too much, e.g. when just the client port changed, presumably after a NAT remapping. But if the client IP address changes, the unique identifier provides a neat way to track successive locations of a mobile device.

Sure, thats the purpose. As i said too, nobody forces higher layer protocols to
reuse the same Tube-ID. They would do it, when it gives any of the benefits
that i've listed in my last reply to Ted.

> I understand that using a unique identifier simplifies the device greatly. For example, a load balancer can use the unique identifier to ensure that packets are always routed to the "right" context. But we can do better than that. In fact, we should, because without a good alternative protocol designers will just pick the simple design, without worrying too much about privacy. The alternative is to design a privacy preserving way to bind two contexts together. 

forgot the load balancing example , thanks.

> That shouldn't be too hard. For example, the client could send a "tying" parameter encrypted with the server public key, tying the new context to a previous one. But we probably want to start this kind of design sooner rather than later, especially if we care about privacy.

Well, the problem with the security is always how to establish a trust
relationship between middlebox and endpoints. As i mentioned, there
should be some good resistance to reinvent the wheel, but i don't think
threre is a good wheel yet.
> 
> -- Christian Huitema

-- 
---
Toerless Eckert, eckert@cisco.com

v2.8.7 | Report a Bug | By Email