--- 1/draft-ietf-lisp-eid-anonymity-04.txt 2019-03-28 16:13:32.661414122 -0700 +++ 2/draft-ietf-lisp-eid-anonymity-05.txt 2019-03-28 16:13:32.705415271 -0700 @@ -1,21 +1,21 @@ Network Working Group D. Farinacci Internet-Draft lispers.net Intended status: Experimental P. Pillay-Esnault -Expires: April 25, 2019 Huawei Technologies +Expires: September 29, 2019 Huawei Technologies W. Haddad Ericsson - October 22, 2018 + March 28, 2019 LISP EID Anonymity - draft-ietf-lisp-eid-anonymity-04 + draft-ietf-lisp-eid-anonymity-05 Abstract This specification will describe how ephemeral LISP EIDs can be used to create source anonymity. The idea makes use of frequently changing EIDs much like how a credit-card system uses a different credit-card numbers for each transaction. Requirements Language @@ -31,25 +31,25 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on April 25, 2019. + This Internet-Draft will expire on September 29, 2019. Copyright Notice - Copyright (c) 2018 IETF Trust and the persons identified as the + Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as @@ -65,28 +65,29 @@ 6. Interworking Considerations . . . . . . . . . . . . . . . . . 5 7. Multicast Considerations . . . . . . . . . . . . . . . . . . 5 8. Performance Improvements . . . . . . . . . . . . . . . . . . 6 9. Security Considerations . . . . . . . . . . . . . . . . . . . 6 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 11.1. Normative References . . . . . . . . . . . . . . . . . . 6 11.2. Informative References . . . . . . . . . . . . . . . . . 8 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 8 Appendix B. Document Change Log . . . . . . . . . . . . . . . . 8 - B.1. Changes to draft-ietf-lisp-eid-anonymity-04 . . . . . . . 8 - B.2. Changes to draft-ietf-lisp-eid-anonymity-03 . . . . . . . 8 - B.3. Changes to draft-ietf-lisp-eid-anonymity-02 . . . . . . . 9 - B.4. Changes to draft-ietf-lisp-eid-anonymity-01 . . . . . . . 9 - B.5. Changes to draft-ietf-lisp-eid-anonymity-00 . . . . . . . 9 - B.6. Changes to draft-farinacci-lisp-eid-anonymity-02 . . . . 9 - B.7. Changes to draft-farinacci-lisp-eid-anonymity-01 . . . . 9 - B.8. Changes to draft-farinacci-lisp-eid-anonymity-00 . . . . 9 + B.1. Changes to draft-ietf-lisp-eid-anonymity-05 . . . . . . . 8 + B.2. Changes to draft-ietf-lisp-eid-anonymity-04 . . . . . . . 8 + B.3. Changes to draft-ietf-lisp-eid-anonymity-03 . . . . . . . 9 + B.4. Changes to draft-ietf-lisp-eid-anonymity-02 . . . . . . . 9 + B.5. Changes to draft-ietf-lisp-eid-anonymity-01 . . . . . . . 9 + B.6. Changes to draft-ietf-lisp-eid-anonymity-00 . . . . . . . 9 + B.7. Changes to draft-farinacci-lisp-eid-anonymity-02 . . . . 9 + B.8. Changes to draft-farinacci-lisp-eid-anonymity-01 . . . . 9 + B.9. Changes to draft-farinacci-lisp-eid-anonymity-00 . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 1. Introduction The LISP architecture [RFC6830] specifies two namespaces, End-Point IDs (EIDs) and Routing Locators (RLOCs). An EID identifies a node in the network and the RLOC indicates the EID's topological location. Typically EIDs are globally unique so a end-node system can connect to any other end-node system on the Internet. Privately used EIDs are allowed when scoped within a VPN but must always be unique within @@ -85,33 +86,32 @@ 1. Introduction The LISP architecture [RFC6830] specifies two namespaces, End-Point IDs (EIDs) and Routing Locators (RLOCs). An EID identifies a node in the network and the RLOC indicates the EID's topological location. Typically EIDs are globally unique so a end-node system can connect to any other end-node system on the Internet. Privately used EIDs are allowed when scoped within a VPN but must always be unique within that scope. Therefore, address allocation is required by network administration to avoid address collisions or duplicate address use. + In a multiple namespace architecture like LISP, typically the EID will stay fixed while the RLOC can change. This occurs when the EID is mobile or when the LISP site the EID resides in changes its connection to the Internet. LISP creates the opportunity where EIDs are fixed and won't change. - This can create a privacy problem more so than what we have on the - Internet today. This draft will examine a technique to allow a end- - node system to use a temporary address. The lifetime of a temporary - address can be the same as a lifetime of an address in use today on - the Internet or can have traditionally shorter lifetimes, possibly on - the order of a day or even change as frequent as new connection - attempts. + This draft will examine a technique to allow a end-node system to use + a temporary address. The lifetime of a temporary address can be the + same as a lifetime of an address in use today on the Internet or can + have traditionally shorter lifetimes, possibly on the order of a day + or even change as frequent as new connection attempts. 2. Definition of Terms Ephemeral-EID - is an IP address that is created randomly for use for a temporary period of time. An Ephemeral-EID has all the properties of an EID as defined in [RFC6830]. Ephemeral-EIDs are not stored in the Domain Name System (DNS) and should not be used in long-term address referrals. Client End-Node - is a network node that originates and consumes @@ -336,90 +336,96 @@ 11.2. Informative References [I-D.farinacci-lisp-ecdsa-auth] Farinacci, D. and E. Nordmark, "LISP Control-Plane ECDSA Authentication and Authorization", draft-farinacci-lisp- ecdsa-auth-03 (work in progress), September 2018. [I-D.ietf-lisp-eid-mobility] Portoles-Comeras, M., Ashtaputre, V., Moreno, V., Maino, F., and D. Farinacci, "LISP L2/L3 EID Mobility Using a - Unified Control Plane", draft-ietf-lisp-eid-mobility-02 - (work in progress), May 2018. + Unified Control Plane", draft-ietf-lisp-eid-mobility-03 + (work in progress), November 2018. [I-D.ietf-lisp-signal-free-multicast] Moreno, V. and D. Farinacci, "Signal-Free LISP Multicast", draft-ietf-lisp-signal-free-multicast-09 (work in progress), March 2018. Appendix A. Acknowledgments The author would like to thank the LISP WG for their review and acceptance of this draft. Appendix B. Document Change Log [RFC Editor: Please delete this section on publication as RFC.] -B.1. Changes to draft-ietf-lisp-eid-anonymity-04 +B.1. Changes to draft-ietf-lisp-eid-anonymity-05 + + o Posted March IETF week 2019. + + o Do not state that ephemeral EIDs make the privacy problem worse. + +B.2. Changes to draft-ietf-lisp-eid-anonymity-04 o Posted October 2018 before Bangkok IETF deadline. o Made Padma requested changes to refer to ephemeral-EIDs allowed to have many on one interface and can be registered with more than 1 RLOC but one RLOC-set. -B.2. Changes to draft-ietf-lisp-eid-anonymity-03 +B.3. Changes to draft-ietf-lisp-eid-anonymity-03 o Posted October 2018. o Update document timer and references. -B.3. Changes to draft-ietf-lisp-eid-anonymity-02 +B.4. Changes to draft-ietf-lisp-eid-anonymity-02 o Posted April 2018. o Update document timer and references. -B.4. Changes to draft-ietf-lisp-eid-anonymity-01 +B.5. Changes to draft-ietf-lisp-eid-anonymity-01 o Posted October 2017. o Add to section 5 that PKI can be used to authenticate EIDs. o Update references. -B.5. Changes to draft-ietf-lisp-eid-anonymity-00 +B.6. Changes to draft-ietf-lisp-eid-anonymity-00 o Posted August 2017. o Made draft-farinacci-lisp-eid-anonymity-02 a LISP working group document. -B.6. Changes to draft-farinacci-lisp-eid-anonymity-02 +B.7. Changes to draft-farinacci-lisp-eid-anonymity-02 o Posted April 2017. o Added section describing how ephemeral-EIDs can use a public key hash as an alternative to a random number. o Indciate when an EID/RLOC co-located, that the xTR can register the EID when it is configured or changed versus waiting for a packet to be sent as in the EID/RLOC separated case. -B.7. Changes to draft-farinacci-lisp-eid-anonymity-01 +B.8. Changes to draft-farinacci-lisp-eid-anonymity-01 o Posted October 2016. o Update document timer. -B.8. Changes to draft-farinacci-lisp-eid-anonymity-00 +B.9. Changes to draft-farinacci-lisp-eid-anonymity-00 o Posted April 2016. o Initial posting. Authors' Addresses Dino Farinacci lispers.net San Jose, CA