IETF Logo Mail Archive

Re: [v6ops] Google Alert - IPv6

Tom Herbert <tom@herbertland.com> Wed, 01 November 2017 04:55 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26EE713FA98 for <v6ops@ietfa.amsl.com>; Tue, 31 Oct 2017 21:55:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VSx18R86WVCy for <v6ops@ietfa.amsl.com>; Tue, 31 Oct 2017 21:55:43 -0700 (PDT)
Received: from mail-qk0-x22a.google.com (mail-qk0-x22a.google.com [IPv6:2607:f8b0:400d:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C02113FB7A for <v6ops@ietf.org>; Tue, 31 Oct 2017 21:54:33 -0700 (PDT)
Received: by mail-qk0-x22a.google.com with SMTP id w134so1414947qkb.0 for <v6ops@ietf.org>; Tue, 31 Oct 2017 21:54:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=N5eBqmF/9Obhxo1hC7rnUkHxmcavPgX2sTLE2Eig6eU=; b=ro9DuLapDXRLPcp3KWuGW8SUy5oq/ONap/hr9ycXeVrsJGBdzPnTia6tPIbTk0zdN+ hhxR4Cznvp11EmaV8NNlMYAM0KQWvRtZZpgyrrcTewKZonOQCGQ739nGLrqdJWGKApLE lwoyEizJeLV56+CEy1lxq1Ge8kFNxZEzgzmgFb0P7nrGDUaH38dvWqxMaJplym6RrxDh e9efzbez+gFKjkbFz9iueuaW2rjJjzFJm7+a4V616BJ/byvwujfhk47bv0lSnUL31lYf de+Sv1cTCu+rdD46F4Ws6z7WvvQ7M5Vb/ltqvmd5u1UrmSe+d4LX8Id84EEV8HhSFkHh sfUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=N5eBqmF/9Obhxo1hC7rnUkHxmcavPgX2sTLE2Eig6eU=; b=g8EYer6kwpP+G9FZ3eQHNmAcfFi0avz4W25GKyqLq7TVgLKMtVLUztrS0M/2D3v2id 09lc4Lpd+9NJLt9mnwze5xxr3bsSFHD88ValF9bBvWxm4wcUcez8e1afl8FsxGl4qQRs TCJMV7UcAodrEFjuiOMLNHourCmWxWsu6dJP3wiqQy1XeGs2GjYEBwedbHutcQuzmye8 I3j/gU8wNVA7WaNcCUw2PtdTNzfdXZYl7HlEc6D/3PyhETe/o6byqdxKSeFq/lJBQ4jA DkPnjj7KqcbHCrmHmnthvPR+45BELS2jjL3rf6SQiwVRQQbwiEluZvc+yOehKktbM/J4 PHHg==
X-Gm-Message-State: AMCzsaXAx/mUedpu9ffyyWq6/C2kC+vueF7nzKQL+BZK+vok6Pmi8HdS smLBheSvm0CZIxgKa8DNIlweST30Vm4gX3AVpEQKKg==
X-Google-Smtp-Source: ABhQp+T+BNftMJHGBMmXLS/Sc55thVDRP5YRjplJgTNeoV6S66JrkYAVnXfyfLnLVZFGFU7j7fmXUVTSb/M43ju/JHg=
X-Received: by 10.55.155.86 with SMTP id d83mr6009246qke.311.1509512072625; Tue, 31 Oct 2017 21:54:32 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.237.54.4 with HTTP; Tue, 31 Oct 2017 21:54:31 -0700 (PDT)
In-Reply-To: <CAO42Z2yXH0sPJYXJ6Nrq0B=UaDK4mC1R2Tds1tFQeBhuVh5meg@mail.gmail.com>
References: <f403045ef57ac52962055bd88b84@google.com> <20395E98-DA55-447F-BEFE-CB581A88BB78@gmail.com> <alpine.DEB.2.20.1710190655260.31961@uplift.swm.pp.se> <20171019083506.6627a166@echo.ms.redpill-linpro.com> <alpine.DEB.2.20.1710190856530.31961@uplift.swm.pp.se> <787AE7BB302AE849A7480A190F8B93300A056EB5@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <CAHw9_iLWAMexrfXwsdB8duGa5ueJMofqVRqNck6DeOzA=KChqA@mail.gmail.com> <C4E37677-A2FB-49F8-B362-C29B28DFD570@daveor.com> <CE4906A4-E0CC-4C3F-A1F8-D2B5BED294D7@employees.org> <EDC5E9C7-F193-40CE-B21C-8E1D91E9E7E3@daveor.com> <C71D6C23-2720-403F-B655-D8156898A137@employees.org> <CALx6S37E9TN9SyMQfk3CSx9vWzjBM3bmuhvsyN0tFXGYFz9Mjw@mail.gmail.com> <CAO42Z2yXH0sPJYXJ6Nrq0B=UaDK4mC1R2Tds1tFQeBhuVh5meg@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Tue, 31 Oct 2017 21:54:31 -0700
Message-ID: <CALx6S36kUrhP=+8KiX3ttr5cszezQfpYdmaFBsOFS-s+_Dqd8g@mail.gmail.com>
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Ole Troan <otroan@employees.org>, v6ops list <v6ops@ietf.org>, Tore Anderson <tore@fud.no>, Dave O'Reilly <rfc@daveor.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/ATAYkSx6O83fXb7QAmDqxIp3Oio>
Subject: Re: [v6ops] Google Alert - IPv6
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Nov 2017 04:55:45 -0000

On Tue, Oct 31, 2017 at 6:42 PM, Mark Smith <markzzzsmith@gmail.com> wrote:
>
>
> On 31 Oct. 2017 01:48, "Tom Herbert" <tom@herbertland.com> wrote:
>
> On Mon, Oct 30, 2017 at 2:03 AM, Ole Troan <otroan@employees.org> wrote:
>> Hi Dave,
>>
>>>> Major comment:
>>>> 3) The document talks about identifying an individual, and in places a
>>>> subscriber endpoint. What it does identify, is the _originating network_.
>>>> What you get is the public interface address of the customer CPE. Which
>>>> looks like a network from the inside.
>>>> Make it very clear that this does not identify individual hosts. And it
>>>> might be worth noting that traffic my enter the originating network from
>>>> outside. E.g. through VPNs, TOR exits, shared WIFI and whatnot.
>>>>
>>>
>>> Yes, I completely agree.
>>>
>>> I do address this point in the -01 revision scope section:
>>>
>>> "Clearly no single solution will address the problem of crime attribution
>>> on the Internet.  Load balancers, proxies and other network infrastructure
>>> may also, intentionally or as a side-effect, obfuscate the true source of
>>> Internet traffic and these problems will continue to exist with or without
>>> the presence of large-scale address sharing technologies (like Carrier-Grade
>>> NAT and A+P).”
>>>
>>> I wanted to mention the point without getting dragged into details of all
>>> of the possible scenarios where an IP address does not represent an
>>> individual or subscriber endpoint (apart from CGNAT). I was of the opinion
>>> that there is a risk of trying to “boil the ocean” with a  document like
>>> this so I was trying to keep the focus as tightly as possible on the issues
>>> raised by CGNAT.
>>>
>>> In light of this, do you think this needs to be more explicitly discussed
>>> or clarified?
>>
>> I think that's fine.
>> As long as you make it clear that:
>>  - the IP address _never_ identifies an individual.
>
> Ole,
>
> I don't think this is something that can be part of the definition of
> an IP address, it's more of a desirable property of how IP addresses
> are assigned and used. For instance, a smartphone is given an IP
> address and technically identifies the host. But given that there is a
> likely one to one correspondence between personal device (and its
> address) to an individual user, the IP address of the device
> effectively identifies the individual or at least can be used with a
> little more information to do so. In this case, the IP address seems
> to be Personally Identifiable Information.
>
>
>
> The trouble is, unless we hand-cuff devices to people, the binding between a
> device and an individual isn't very strong. It is quite easy for a device to
> be shared, intentionally or not, with more portable (and therefore
> stealable,) devices making the coupling even weaker.
>
> I think attribution of an action is an authentication problem. Machine
> identifiers aren't very good analogues for individuals' identify and
> authenticity. In the "what you have, what you are, and what you know" group
> of authentication factors, I think the "what you have" is the weakest.
>
Mark,

I think the point is that for privacy we _don't_ want IP addresses to
identify individuals, but it is work to ensure that they don't. The
fact that a device can be shared makes the coupling weaker, but
probably not weak enough to be considered good privacy unless the
population sharing the device is large enough to avoid statistical
inference.

> There really needs to be something else that supports or proves use of a
> device other than an assumption that an IP address is tightly coupled to a
> device's owner, and therefore all actions associated with an IP address are
> thoe se of the device's owner.

I believe there is. It is common for apps, like email, social
networking, etc. to login to a service with username and password.
When login is done, the service now has a mapping of an individual to
an IP address. That mapping could then be exploited to identify the
same individual in completely unrelated communications, hence breaking
privacy. This could be done external to the device and the network
provider and across different jurisdictions. The problem is
exacerbated if the app is always connected so that whenever the
devices gets a new IP address to user mapping maintained by some third
party is kept up to date. Also, in this case, randomizing addresses at
some frequency may no provide much benefit to privacy unless every
connection gets a different source address (which is effectively is
what CGNAT gives).

Tom

v2.23.0 | Report a Bug | By Email