Re: [Spud] Multipath/Mobility (was Questions based on draft-trammell-spud-req-00)
Toerless Eckert <eckert@cisco.com> Mon, 10 August 2015 18:35 UTC
Date: Mon, 10 Aug 2015 11:35:09 -0700
From: Toerless Eckert <eckert@cisco.com>
To: Christian Huitema <huitema@microsoft.com>
Message-ID: <20150810183509.GV1667@cisco.com>
References: <CA+9kkMC2+=kyoU0JGVN65Nsvv3z0_wpJ8G8iQa1xU2DPWFt0HQ@mail.gmail.com>
<DM2PR0301MB06551DB62FF49A99FD5843E9A8700@DM2PR0301MB0655.namprd03.prod.outlook.com>
In-Reply-To: <DM2PR0301MB06551DB62FF49A99FD5843E9A8700@DM2PR0301MB0655.namprd03.prod.outlook.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/jOtE60b_kMz6lV5Yfxb-RCRREKk>
Cc: Ted Hardie <ted.ietf@gmail.com>, "Black, David" <david.black@emc.com>,
Eric Rescorla <ekr@rtfm.com>,
Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>,
Joe Hildebrand <jhildebr@cisco.com>, "spud@ietf.org" <spud@ietf.org>,
Jana Iyengar <jri@google.com>, Ken Calvert <calvert@netlab.uky.edu>,
Brian Trammell <ietf@trammell.ch>
Subject: Re: [Spud] Multipath/Mobility (was Questions based on
draft-trammell-spud-req-00)
On Mon, Aug 10, 2015 at 06:13:28PM +0000, Christian Huitema wrote:
> I don't know what Toerless really means, but I am a bit concerned by the
> use of a "unique identifier" here. Specifically, I am concerned with the
> privacy implications of using unique identifiers. If the same identifier
> is used with multiple 5 tuples, then it can be used to tie together these
> tuples. There are cases when it doesn't matter too much, e.g. when just
> the client port changed, presumably after a NAT remapping. But if the
> client IP address changes, the unique identifier provides a neat way to
> track successive locations of a mobile device.

Sure, that's the purpose. As I said too, nobody forces higher layer
protocols to reuse the same Tube-ID. They would do it when it gives any of
the benefits that I've listed in my last reply to Ted.

> I understand that using a unique identifier simplifies the device greatly.
> For example, a load balancer can use the unique identifier to ensure that
> packets are always routed to the "right" context. But we can do better
> than that. In fact, we should, because without a good alternative protocol
> designers will just pick the simple design, without worrying too much
> about privacy. The alternative is to design a privacy preserving way to
> bind two contexts together.

Forgot the load balancing example, thanks.

> That shouldn't be too hard. For example, the client could send a "tying"
> parameter encrypted with the server public key, tying the new context to a
> previous one. But we probably want to start this kind of design sooner
> rather than later, especially if we care about privacy.

Well, the problem with the security is always how to establish a trust
relationship between middlebox and endpoints. As I mentioned, there should
be some good resistance to reinventing the wheel, but I don't think there
is a good wheel yet.

>
> -- Christian Huitema
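The two designs argued about above, as an added example that is not part of this thread or of any SPUD draft: an on-path observer bucketing 5-tuples by a reused Tube-ID links the mobile client's successive addresses, while a per-context random ID plus a keyed "tying" token leaves the observer with nothing to join and only the server able to bind the contexts. The token here is an HMAC keyed by the previous context's secret rather than a value encrypted to the server's public key as Christian sketches; that is an assumption made to keep the example on the standard library (it presumes the client and server agreed a per-context key in that context's handshake). The packet trace, addresses, Tube-ID format and the `spud-tie|` label are all constructed for the example. Either construction gives the observer, and any middlebox, the same view: a random-looking token it can neither link nor verify, which is the trust problem Toerless points at.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed trace (not from the thread): one mobile client reaching the
# same server from two access networks, then through a NAT port rebinding.
SERVER = ("203.0.113.10", 443)
CLIENT_LOCATIONS = [
    ("198.51.100.7", 40001),   # first access network
    ("192.0.2.33", 40001),     # moved to a second network (IP changed)
    ("192.0.2.33", 51200),     # same network, NAT remapped the port
]
NONCE_LEN = 16
TIE_LABEL = b"spud-tie|"       # hypothetical domain-separation label


def observer_groups(packets):
    """On-path observer: bucket source (ip, port) pairs by whatever ID is in the clear."""
    groups = defaultdict(set)
    for p in packets:
        groups[p["tube_id"]].add(p["src"])
    return {tid: sorted(s) for tid, s in groups.items()}


def trace_with_static_id(tube_id):
    """Design 1: the same Tube-ID reused across every 5-tuple."""
    return [{"src": loc, "dst": SERVER, "tube_id": tube_id, "tie": None}
            for loc in CLIENT_LOCATIONS]


def make_tie(prev_key):
    """Client side: fresh nonce + MAC under the previous context's key.
    Without prev_key the token is indistinguishable from random bytes."""
    nonce = secrets.token_bytes(NONCE_LEN)
    mac = hmac.new(prev_key, TIE_LABEL + nonce, hashlib.sha256).digest()
    return nonce + mac


class Server:
    def __init__(self):
        self.keys = {}          # tube_id -> per-context key (assumed agreed in its handshake)
        self.seen_nonces = set()  # replay guard: a captured tie must not bind twice

    def new_context(self, tube_id, key):
        self.keys[tube_id] = key

    def bind(self, tie):
        """Return the tube_id whose key authorised this tie, or None."""
        nonce, mac = tie[:NONCE_LEN], tie[NONCE_LEN:]
        if nonce in self.seen_nonces:
            return None
        for tube_id, key in self.keys.items():
            expect = hmac.new(key, TIE_LABEL + nonce, hashlib.sha256).digest()
            if hmac.compare_digest(expect, mac):
                self.seen_nonces.add(nonce)
                return tube_id
        return None


def trace_with_fresh_ids(server):
    """Design 2: a random Tube-ID per context, chained to the previous one by a tie token.
    Returns the packets the observer sees and the (tube_id, bound_to) chain the server built."""
    packets, chain, prev_key = [], [], None
    for loc in CLIENT_LOCATIONS:
        tube_id = secrets.token_hex(8)
        key = secrets.token_bytes(32)          # assumed: agreed in this context's handshake
        tie = make_tie(prev_key) if prev_key is not None else None
        server.new_context(tube_id, key)
        bound_to = server.bind(tie) if tie is not None else None
        chain.append((tube_id, bound_to))
        packets.append({"src": loc, "dst": SERVER, "tube_id": tube_id, "tie": tie})
        prev_key = key
    return packets, chain


if __name__ == "__main__":
    print("static ID, observer view:", observer_groups(trace_with_static_id("tube-A")))
    srv = Server()
    pkts, chain = trace_with_fresh_ids(srv)
    print("fresh IDs, observer view:", observer_groups(pkts))
    print("fresh IDs, server chain:", chain)
```

With the static ID the observer's single bucket holds all three source addresses, i.e. both network moves of the client. With fresh IDs every bucket has one entry and the tie tokens carry no linkable structure, while the server reconstructs the chain and refuses a replayed token. The linear scan in `bind` is only acceptable for a handful of live contexts; a real design would carry a key identifier alongside the token, which reopens the linkability question for that identifier.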