IETF Logo Mail Archive

Re: [VIPR] VIPR privacy issue

"Richard L. Barnes" <rbarnes@bbn.com> Thu, 26 January 2012 21:47 UTC

Return-Path: <rbarnes@bbn.com>
X-Original-To: vipr@ietfa.amsl.com
Delivered-To: vipr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 604DD21F85FC for <vipr@ietfa.amsl.com>; Thu, 26 Jan 2012 13:47:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.198
X-Spam-Level:
X-Spam-Status: No, score=-106.198 tagged_above=-999 required=5 tests=[AWL=0.401, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N3FPqXvTq4W9 for <vipr@ietfa.amsl.com>; Thu, 26 Jan 2012 13:47:38 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id A051121F85D5 for <vipr@ietf.org>; Thu, 26 Jan 2012 13:47:38 -0800 (PST)
Received: from ros-dhcp192-1-51-95.bbn.com ([192.1.51.95]:63286) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.74 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1RqXAO-0003Dh-V3; Thu, 26 Jan 2012 16:47:37 -0500
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: "Richard L. Barnes" <rbarnes@bbn.com>
In-Reply-To: <4F21C7EC.2000201@acm.org>
Date: Thu, 26 Jan 2012 16:47:36 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <57AD64CF-7F67-44A0-AE79-4AE9848E4746@bbn.com>
References: <4F1F1A42.1030201@acm.org> <9734F726-C0A8-42D6-87A4-65535D5F3E80@bbn.com> <4F217CC9.4080802@acm.org> <50D0BC87-EC6C-401E-A2F9-A05AC60D5EF0@bbn.com> <92E46A75-E370-4A52-BF04-F2D811D3C0C0@softarmor.com> <4F21C7EC.2000201@acm.org>
To: Marc Petit-Huguenin <petithug@acm.org>
X-Mailer: Apple Mail (2.1084)
Cc: "vipr@ietf.org" <vipr@ietf.org>, Dean Willis <dean.willis@softarmor.com>
Subject: Re: [VIPR] VIPR privacy issue
X-BeenThere: vipr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Verification Involving PSTN Reachability working group <vipr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vipr>, <mailto:vipr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vipr>
List-Post: <mailto:vipr@ietf.org>
List-Help: <mailto:vipr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vipr>, <mailto:vipr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jan 2012 21:47:39 -0000

Or (4), don't worry, be happy?  :)

Seriously, the question is whether the group feels that these privacy risks merit changing the work that this group is doing, or whether the benefit of ViPR is enough that exposing one's IP address is a tolerable risk.

IMO, it seems like there are enough operational mitigations to these risks that no fundamental changes to ViPR are needed.  But I maybe I'm misunderstanding; it's been a while since I've thoroughly read through the documents.

--Richard




On Jan 26, 2012, at 4:38 PM, Marc Petit-Huguenin wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> On 01/26/2012 01:28 PM, Dean Willis wrote:
>> 
>> On Jan 26, 2012, at 10:40 AM, Richard L. Barnes wrote:
>>> 
>>> 
>>> Like I said, the mitigation here is the same as any situation where you
>>> want to hide your IP address: Send packets from a different network.
>> 
>> 
>> So we should run a great big VPN in order to run RELOAD in order to run
>> ViPR?
>> 
>> Great! Now all we need is a peer-to-peer VPN capable of obscuring the IP
>> addresses being used.
>> 
>> I'm trying to imagine just how badly the universe would break if one tried
>> to run RELOAD over TOR. I don't think I have that good an imagination,
>> because scenes from the movie "2012" pale by comparison, and I'm sure the
>> real situation would be far worse than what I imagine.
>> 
>> But this does all come back to why I haven't been able to convince myself
>> of the real-world utility of ViPR. We're layering vast complexity onto what
>> is basically a distributed  trust-anchor problem, where the easiest thing
>> to do in the real-world is to have a centralized anchor (which might itself
>> refer to the PSTN basis anchor).
>> 
>> How about an alt-root DDNS/ENUM server that itself uses PSTN reachability
>> to verify registrations submitted via DDNS?
> 
> That may be worth investigating, but the first thing that the WG should
> answer, IMHO, is do we want to 1) give up, 2) delay for RELOAD, or 3) replace
> RELOAD?
> 
> - -- 
> Marc Petit-Huguenin
> Personal email: marc@petit-huguenin.org
> Professional email: petithug@acm.org
> Blog: http://blog.marc.petit-huguenin.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> 
> iQIcBAEBCAAGBQJPIcfqAAoJECnERZXWan7E6sQP/2jBmenEmlsQ+Pe5V1F/qn7e
> kSQjw6EuUGKjz5oONhsbEw2N4kAHwtivQlfriJoT4NxeYspWWvg+13Btb4+OlTFU
> QNAU9rY0Zd+AZJvFBII70TGjKl5aRZ5G7LRmgfsyp88OAODs9FtHRVzTtQVSTbEV
> ZYWtzYXRWcYosH+9sML7vFn8gf5njDsR0pTEV1Xt+DVdVbec+MV35zHmX8gOtR84
> +s/LalXe8rPUdmDV7qAHHZir9gCj2FmSuJlb2KGr3IfEj+mD1FeRTfsN8bhtE0zZ
> cfg8yAYjLgvNy7O7ZXFN8GIQx40StJqRXCxuzrJ0CHHDlS3NJ8vv8IVM8mlMIt0d
> UaHnC4DcU3yQGFNGe+f3cG1KrtAIsDTUJyyppsra4Q41dP4eporG8uWZDbIJwDMI
> Jg7nwSJD6RJ8qL6zgWl1gNyfRXOKG3s3Wt8Oy/l00Q837N8+KxGRA7WeEu0PMjkR
> 8d1C/i4dPymKVA5FsdPatG+/dHee8FzbYKriGOmCXsGhx5+rcW3m3tVE+lpzqBZ9
> 0dysmnJmjNJUcsHIp+o+CWKd5FcSewxfNMHy762lmJME7srDVzENd8rWi5luHVWn
> k1KviQe82XaV6PhKb6/K3rSSotNAPKwkSiIvSsuaOeDv1Wmzi472Mp/BX0M2/s9p
> 5hv+PEtbfXzcNBh+zW3r
> =OqpG
> -----END PGP SIGNATURE-----

v2.23.0 | Report a Bug | By Email