| draft-ietf-lisp-eid-anonymity-04.txt | draft-ietf-lisp-eid-anonymity-05.txt | |||
|---|---|---|---|---|
| Network Working Group D. Farinacci | Network Working Group D. Farinacci | |||
| Internet-Draft lispers.net | Internet-Draft lispers.net | |||
| Intended status: Experimental P. Pillay-Esnault | Intended status: Experimental P. Pillay-Esnault | |||
| Expires: April 25, 2019 Huawei Technologies | Expires: September 29, 2019 Huawei Technologies | |||
| W. Haddad | W. Haddad | |||
| Ericsson | Ericsson | |||
| October 22, 2018 | March 28, 2019 | |||
| LISP EID Anonymity | LISP EID Anonymity | |||
| draft-ietf-lisp-eid-anonymity-04 | draft-ietf-lisp-eid-anonymity-05 | |||
| Abstract | Abstract | |||
| This specification will describe how ephemeral LISP EIDs can be used | This specification will describe how ephemeral LISP EIDs can be used | |||
| to create source anonymity. The idea makes use of frequently | to create source anonymity. The idea makes use of frequently | |||
| changing EIDs much like how a credit-card system uses a different | changing EIDs much like how a credit-card system uses a different | |||
| credit-card numbers for each transaction. | credit-card numbers for each transaction. | |||
| Requirements Language | Requirements Language | |||
| skipping to change at page 1, line 42 ¶ | skipping to change at page 1, line 42 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on April 25, 2019. | This Internet-Draft will expire on September 29, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 2, line 32 ¶ | skipping to change at page 2, line 32 ¶ | |||
| 6. Interworking Considerations . . . . . . . . . . . . . . . . . 5 | 6. Interworking Considerations . . . . . . . . . . . . . . . . . 5 | |||
| 7. Multicast Considerations . . . . . . . . . . . . . . . . . . 5 | 7. Multicast Considerations . . . . . . . . . . . . . . . . . . 5 | |||
| 8. Performance Improvements . . . . . . . . . . . . . . . . . . 6 | 8. Performance Improvements . . . . . . . . . . . . . . . . . . 6 | |||
| 9. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | |||
| 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 11.1. Normative References . . . . . . . . . . . . . . . . . . 6 | 11.1. Normative References . . . . . . . . . . . . . . . . . . 6 | |||
| 11.2. Informative References . . . . . . . . . . . . . . . . . 8 | 11.2. Informative References . . . . . . . . . . . . . . . . . 8 | |||
| Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 8 | Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 8 | |||
| Appendix B. Document Change Log . . . . . . . . . . . . . . . . 8 | Appendix B. Document Change Log . . . . . . . . . . . . . . . . 8 | |||
| B.1. Changes to draft-ietf-lisp-eid-anonymity-04 . . . . . . . 8 | B.1. Changes to draft-ietf-lisp-eid-anonymity-05 . . . . . . . 8 | |||
| B.2. Changes to draft-ietf-lisp-eid-anonymity-03 . . . . . . . 8 | B.2. Changes to draft-ietf-lisp-eid-anonymity-04 . . . . . . . 8 | |||
| B.3. Changes to draft-ietf-lisp-eid-anonymity-02 . . . . . . . 9 | B.3. Changes to draft-ietf-lisp-eid-anonymity-03 . . . . . . . 9 | |||
| B.4. Changes to draft-ietf-lisp-eid-anonymity-01 . . . . . . . 9 | B.4. Changes to draft-ietf-lisp-eid-anonymity-02 . . . . . . . 9 | |||
| B.5. Changes to draft-ietf-lisp-eid-anonymity-00 . . . . . . . 9 | B.5. Changes to draft-ietf-lisp-eid-anonymity-01 . . . . . . . 9 | |||
| B.6. Changes to draft-farinacci-lisp-eid-anonymity-02 . . . . 9 | B.6. Changes to draft-ietf-lisp-eid-anonymity-00 . . . . . . . 9 | |||
| B.7. Changes to draft-farinacci-lisp-eid-anonymity-01 . . . . 9 | B.7. Changes to draft-farinacci-lisp-eid-anonymity-02 . . . . 9 | |||
| B.8. Changes to draft-farinacci-lisp-eid-anonymity-00 . . . . 9 | B.8. Changes to draft-farinacci-lisp-eid-anonymity-01 . . . . 9 | |||
| B.9. Changes to draft-farinacci-lisp-eid-anonymity-00 . . . . 10 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 1. Introduction | 1. Introduction | |||
| The LISP architecture [RFC6830] specifies two namespaces, End-Point | The LISP architecture [RFC6830] specifies two namespaces, End-Point | |||
| IDs (EIDs) and Routing Locators (RLOCs). An EID identifies a node in | IDs (EIDs) and Routing Locators (RLOCs). An EID identifies a node in | |||
| the network and the RLOC indicates the EID's topological location. | the network and the RLOC indicates the EID's topological location. | |||
| Typically EIDs are globally unique so a end-node system can connect | Typically EIDs are globally unique so a end-node system can connect | |||
| to any other end-node system on the Internet. Privately used EIDs | to any other end-node system on the Internet. Privately used EIDs | |||
| are allowed when scoped within a VPN but must always be unique within | are allowed when scoped within a VPN but must always be unique within | |||
| skipping to change at page 2, line 52 ¶ | skipping to change at page 3, line 4 ¶ | |||
| 1. Introduction | 1. Introduction | |||
| The LISP architecture [RFC6830] specifies two namespaces, End-Point | The LISP architecture [RFC6830] specifies two namespaces, End-Point | |||
| IDs (EIDs) and Routing Locators (RLOCs). An EID identifies a node in | IDs (EIDs) and Routing Locators (RLOCs). An EID identifies a node in | |||
| the network and the RLOC indicates the EID's topological location. | the network and the RLOC indicates the EID's topological location. | |||
| Typically EIDs are globally unique so a end-node system can connect | Typically EIDs are globally unique so a end-node system can connect | |||
| to any other end-node system on the Internet. Privately used EIDs | to any other end-node system on the Internet. Privately used EIDs | |||
| are allowed when scoped within a VPN but must always be unique within | are allowed when scoped within a VPN but must always be unique within | |||
| that scope. Therefore, address allocation is required by network | that scope. Therefore, address allocation is required by network | |||
| administration to avoid address collisions or duplicate address use. | administration to avoid address collisions or duplicate address use. | |||
| In a multiple namespace architecture like LISP, typically the EID | In a multiple namespace architecture like LISP, typically the EID | |||
| will stay fixed while the RLOC can change. This occurs when the EID | will stay fixed while the RLOC can change. This occurs when the EID | |||
| is mobile or when the LISP site the EID resides in changes its | is mobile or when the LISP site the EID resides in changes its | |||
| connection to the Internet. | connection to the Internet. | |||
| LISP creates the opportunity where EIDs are fixed and won't change. | LISP creates the opportunity where EIDs are fixed and won't change. | |||
| This can create a privacy problem more so than what we have on the | This draft will examine a technique to allow a end-node system to use | |||
| Internet today. This draft will examine a technique to allow a end- | a temporary address. The lifetime of a temporary address can be the | |||
| node system to use a temporary address. The lifetime of a temporary | same as a lifetime of an address in use today on the Internet or can | |||
| address can be the same as a lifetime of an address in use today on | have traditionally shorter lifetimes, possibly on the order of a day | |||
| the Internet or can have traditionally shorter lifetimes, possibly on | or even change as frequent as new connection attempts. | |||
| the order of a day or even change as frequent as new connection | ||||
| attempts. | ||||
| 2. Definition of Terms | 2. Definition of Terms | |||
| Ephemeral-EID - is an IP address that is created randomly for use | Ephemeral-EID - is an IP address that is created randomly for use | |||
| for a temporary period of time. An Ephemeral-EID has all the | for a temporary period of time. An Ephemeral-EID has all the | |||
| properties of an EID as defined in [RFC6830]. Ephemeral-EIDs are | properties of an EID as defined in [RFC6830]. Ephemeral-EIDs are | |||
| not stored in the Domain Name System (DNS) and should not be used | not stored in the Domain Name System (DNS) and should not be used | |||
| in long-term address referrals. | in long-term address referrals. | |||
| Client End-Node - is a network node that originates and consumes | Client End-Node - is a network node that originates and consumes | |||
| skipping to change at page 8, line 20 ¶ | skipping to change at page 8, line 20 ¶ | |||
| 11.2. Informative References | 11.2. Informative References | |||
| [I-D.farinacci-lisp-ecdsa-auth] | [I-D.farinacci-lisp-ecdsa-auth] | |||
| Farinacci, D. and E. Nordmark, "LISP Control-Plane ECDSA | Farinacci, D. and E. Nordmark, "LISP Control-Plane ECDSA | |||
| Authentication and Authorization", draft-farinacci-lisp- | Authentication and Authorization", draft-farinacci-lisp- | |||
| ecdsa-auth-03 (work in progress), September 2018. | ecdsa-auth-03 (work in progress), September 2018. | |||
| [I-D.ietf-lisp-eid-mobility] | [I-D.ietf-lisp-eid-mobility] | |||
| Portoles-Comeras, M., Ashtaputre, V., Moreno, V., Maino, | Portoles-Comeras, M., Ashtaputre, V., Moreno, V., Maino, | |||
| F., and D. Farinacci, "LISP L2/L3 EID Mobility Using a | F., and D. Farinacci, "LISP L2/L3 EID Mobility Using a | |||
| Unified Control Plane", draft-ietf-lisp-eid-mobility-02 | Unified Control Plane", draft-ietf-lisp-eid-mobility-03 | |||
| (work in progress), May 2018. | (work in progress), November 2018. | |||
| [I-D.ietf-lisp-signal-free-multicast] | [I-D.ietf-lisp-signal-free-multicast] | |||
| Moreno, V. and D. Farinacci, "Signal-Free LISP Multicast", | Moreno, V. and D. Farinacci, "Signal-Free LISP Multicast", | |||
| draft-ietf-lisp-signal-free-multicast-09 (work in | draft-ietf-lisp-signal-free-multicast-09 (work in | |||
| progress), March 2018. | progress), March 2018. | |||
| Appendix A. Acknowledgments | Appendix A. Acknowledgments | |||
| The author would like to thank the LISP WG for their review and | The author would like to thank the LISP WG for their review and | |||
| acceptance of this draft. | acceptance of this draft. | |||
| Appendix B. Document Change Log | Appendix B. Document Change Log | |||
| [RFC Editor: Please delete this section on publication as RFC.] | [RFC Editor: Please delete this section on publication as RFC.] | |||
| B.1. Changes to draft-ietf-lisp-eid-anonymity-04 | B.1. Changes to draft-ietf-lisp-eid-anonymity-05 | |||
| o Posted March IETF week 2019. | ||||
| o Do not state that ephemeral EIDs make the privacy problem worse. | ||||
| B.2. Changes to draft-ietf-lisp-eid-anonymity-04 | ||||
| o Posted October 2018 before Bangkok IETF deadline. | o Posted October 2018 before Bangkok IETF deadline. | |||
| o Made Padma requested changes to refer to ephemeral-EIDs allowed to | o Made Padma requested changes to refer to ephemeral-EIDs allowed to | |||
| have many on one interface and can be registered with more than 1 | have many on one interface and can be registered with more than 1 | |||
| RLOC but one RLOC-set. | RLOC but one RLOC-set. | |||
| B.2. Changes to draft-ietf-lisp-eid-anonymity-03 | B.3. Changes to draft-ietf-lisp-eid-anonymity-03 | |||
| o Posted October 2018. | o Posted October 2018. | |||
| o Update document timer and references. | o Update document timer and references. | |||
| B.3. Changes to draft-ietf-lisp-eid-anonymity-02 | B.4. Changes to draft-ietf-lisp-eid-anonymity-02 | |||
| o Posted April 2018. | o Posted April 2018. | |||
| o Update document timer and references. | o Update document timer and references. | |||
| B.4. Changes to draft-ietf-lisp-eid-anonymity-01 | B.5. Changes to draft-ietf-lisp-eid-anonymity-01 | |||
| o Posted October 2017. | o Posted October 2017. | |||
| o Add to section 5 that PKI can be used to authenticate EIDs. | o Add to section 5 that PKI can be used to authenticate EIDs. | |||
| o Update references. | o Update references. | |||
| B.5. Changes to draft-ietf-lisp-eid-anonymity-00 | B.6. Changes to draft-ietf-lisp-eid-anonymity-00 | |||
| o Posted August 2017. | o Posted August 2017. | |||
| o Made draft-farinacci-lisp-eid-anonymity-02 a LISP working group | o Made draft-farinacci-lisp-eid-anonymity-02 a LISP working group | |||
| document. | document. | |||
| B.6. Changes to draft-farinacci-lisp-eid-anonymity-02 | B.7. Changes to draft-farinacci-lisp-eid-anonymity-02 | |||
| o Posted April 2017. | o Posted April 2017. | |||
| o Added section describing how ephemeral-EIDs can use a public key | o Added section describing how ephemeral-EIDs can use a public key | |||
| hash as an alternative to a random number. | hash as an alternative to a random number. | |||
| o Indciate when an EID/RLOC co-located, that the xTR can register | o Indciate when an EID/RLOC co-located, that the xTR can register | |||
| the EID when it is configured or changed versus waiting for a | the EID when it is configured or changed versus waiting for a | |||
| packet to be sent as in the EID/RLOC separated case. | packet to be sent as in the EID/RLOC separated case. | |||
| B.7. Changes to draft-farinacci-lisp-eid-anonymity-01 | B.8. Changes to draft-farinacci-lisp-eid-anonymity-01 | |||
| o Posted October 2016. | o Posted October 2016. | |||
| o Update document timer. | o Update document timer. | |||
| B.8. Changes to draft-farinacci-lisp-eid-anonymity-00 | B.9. Changes to draft-farinacci-lisp-eid-anonymity-00 | |||
| o Posted April 2016. | o Posted April 2016. | |||
| o Initial posting. | o Initial posting. | |||
| Authors' Addresses | Authors' Addresses | |||
| Dino Farinacci | Dino Farinacci | |||
| lispers.net | lispers.net | |||
| San Jose, CA | San Jose, CA | |||
| End of changes. 17 change blocks. | ||||
| 30 lines changed or deleted | 36 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||