Re: [tcpm] New Version Notification for draft-williams-exp-tcp-host-id-opt-03.txt
Joe Touch <touch@isi.edu> Tue, 13 May 2014 16:56 UTC
Return-Path: <touch@isi.edu>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA3AA1A0115 for <tcpm@ietfa.amsl.com>; Tue, 13 May 2014 09:56:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.851
X-Spam-Level:
X-Spam-Status: No, score=-4.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WtMY7PUx8yHQ for <tcpm@ietfa.amsl.com>; Tue, 13 May 2014 09:56:42 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by ietfa.amsl.com (Postfix) with ESMTP id D6F5C1A0107 for <tcpm@ietf.org>; Tue, 13 May 2014 09:56:42 -0700 (PDT)
Received: from [10.133.205.183] (UAPublic-35.guest.arizona.edu [206.207.225.35]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id s4DGu9ru010268 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 13 May 2014 09:56:19 -0700 (PDT)
Message-ID: <53724EAB.2040604@isi.edu>
Date: Tue, 13 May 2014 09:56:11 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: "Eggert, Lars" <lars@netapp.com>
References: <20140430142220.21274.18191.idtracker@ietfa.amsl.com> <53610C3B.6070006@akamai.com> <B98116CE-28AA-4A50-87F3-EF90967CCBBC@netapp.com> <53614C68.8040301@mti-systems.com> <536CEA0D.1040101@akamai.com> <6605BCC3-034D-417C-8B6D-F701F4585887@netapp.com> <537236EC.4090908@isi.edu> <48454865-68C8-4F93-BF64-D9F05C53DB6A@netapp.com>
In-Reply-To: <48454865-68C8-4F93-BF64-D9F05C53DB6A@netapp.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/eKDoeN6qySTuUBjyavyurK6NVC8
Cc: "tcpm@ietf.org" <tcpm@ietf.org>
Subject: Re: [tcpm] New Version Notification for draft-williams-exp-tcp-host-id-opt-03.txt
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 May 2014 16:56:45 -0000
On 5/13/2014 9:30 AM, Eggert, Lars wrote: > Hi, > > On 2014-5-13, at 17:14, Joe Touch <touch@isi.edu> wrote: >> It would be more useful for the iETF to take positions on devices that undermine its architecture (e.g., NATs) and protocols that are deployed against current technical advice (CUBIC). > > We're getting off-topic here, but what "current technical advice" is Cubic violating? > > It's not an IETF standard, RFC5681 >>> and that we are taking engineering steps to protect privacy. (See http://www.ietf.org/blog/2013/11/ for example.) >> >> The IESG Chair's report on the conclusion of community discussion specifically addressed the use of this document to block other docs: > > The text you quoted is entirely about what ADs should and should not > do *during IESG processing*. I'm not an AD (anymore), and I am certainly > free to make this argument as an individual *during a call for WG adoption*. Agreed. However, the entirety of the message indicated basically that the Chair was taking very rough - at best - consensus about a draft and making it BCP even though the community is widely split on the issue. >>> Having middleboxes tag flows with options that make identifying individuals easier goes directly against that stated goal. >> >> First, we're talking about use of this option by middleboxes and endpoints that already change host IDs (not personal IDs). > > Sure. But I don't see why this is relevant. Middleboxes create a problem that this is intended to let *them* fix. > In some sense CGNs - as problematic as they are - actually increase > privacy, because more users share an IP address. This document is about > counteracting this increased privacy. It's about letting *them* not provide that privacy where privacy wasn't intended. > And since we don't know by what > mechanism these host IDs get set, and given that the document talks > about potentially quite large ID namespace (32bits), you could actually > identify things at a finer granularity than hosts. You can also use ARP to find out the manufacturer of a NIC. We aren't deprecating ARP because of privacy concerns. You can also have existing NATs and CGNs expose host privacy in the source IP and port number selected, as well as in other fields that could easily be modified for their nefarious uses (e.g., ISNs). I don't see this new political statement as requiring WGs to scrub their protocols for all *potential* or *perceived* issues with privacy. >> Second, this mechanism can easily be used to obfuscate the identification hosts, to re-group them in alternate ways. > > How and by whom? > Even if hosts end up setting it, it'll get stripped > out or rewritten by an ISP middlebox that can set it based on subscriber > information and current connection context. First, that depends on whether they're protected by the endpoint or not - e.g., IPsec or TCP-AO could allow the source endpoint to set this information usefully, and prevent a middlebox from obfuscating it. >> Finally, I sincerely hope this draft's process doesn't become the >> poster child of the process fears raised by the IESG Chair in approving >> perpass and recommending it as BCP. > > So I actually hope it does. If so, I predict it will be the death of the IETF as a technical body. I can't speak for others, but I don't participate here to express my political positions. > But that's not the case here. This is not a WG document, and using > theBCP - that we have IETF consensus on Every rough consensus, and an IESG Chair that set the document type *after* last call. > - as an argument to not *start* > problematic work is entirely reasonable. If not, what *can* we use that > consensus BCP for? Feeling good about ourselves without actually doing > anything? In this case, it can and should drive the use cases discussed and security considerations presented. However, unless this mechanism provides more opportunity for tracking than existing protocols and mechanisms, I don't think it should be used to block it. Joe
- [tcpm] Fwd: New Version Notification for draft-wi… Brandon Williams
- Re: [tcpm] New Version Notification for draft-wil… Eggert, Lars
- Re: [tcpm] New Version Notification for draft-wil… Wesley Eddy
- Re: [tcpm] New Version Notification for draft-wil… Brandon Williams
- Re: [tcpm] New Version Notification for draft-wil… Joe Touch
- Re: [tcpm] New Version Notification for draft-wil… Eggert, Lars
- Re: [tcpm] New Version Notification for draft-wil… Eggert, Lars
- Re: [tcpm] New Version Notification for draft-wil… Brandon Williams
- Re: [tcpm] New Version Notification for draft-wil… Joe Touch
- Re: [tcpm] New Version Notification for draft-wil… Eggert, Lars
- Re: [tcpm] New Version Notification for draft-wil… Joe Touch
- Re: [tcpm] Fwd: New Version Notification for draf… Scharf, Michael (Michael)