Stephen:

+1 to Joel's comment. Home IP for your phone == enterprise CEO's IP phone. Both need to be secure. Access to some information is limited to the administrator.

I must be missing something.

Sue

-----Original Message-----
From: i2rs [mailto:[email protected]] On Behalf Of Joel Halpern
Sent: Thursday, March 17, 2016 9:16 AM
To: Stephen Farrell; Susan Hares; 'The IESG'
Cc: [email protected]; [email protected]; [email protected]; [email protected]
Subject: Re: [i2rs] Stephen Farrell's No Objection on draft-ietf-i2rs-architecture-13: (with COMMENT)

I would hope that I2RS could be used for that (applying policy to home devices) use case. But I am not at all clear how I2RS could protect the IP address of the router containing the communicating I2RS agent. We have to have an available IP address for IP Routing.

I am also not clear why this IP address is particularly more sensitive than an enterprise device IP address, or a router inside an ISP.

Yours,
Joel

-----Original Message-----
From: Stephen Farrell [mailto:[email protected]]
Sent: Thursday, March 17, 2016 2:11 PM
To: Susan Hares; 'The IESG'
Cc: [email protected]; [email protected]; [email protected]; [email protected]
Subject: Re: Stephen Farrell's No Objection on draft-ietf-i2rs-architecture-13: (with COMMENT)

Hiya,

Just on that one point (the rest seems fine):

On 17/03/16 13:00, Susan Hares wrote:
>> - If i2rs were used to control home networks, then that would raise
>> more privacy issues, e.g. the agent's IP address can be privacy
>> sensitive. Would it be useful to rule that out of scope? E.g. to say
>> that i2rs SHOULD NOT be used where the agent/router in question is
>> specific to one person or home?
>
> Sue: I'm really not sure what you are getting at. Data in routers is
> privacy sensitive. Data between I2RS Agent and I2RS client will be
> encrypted except in very, very rare circumstances where it is defined to
> be public data in the data model. SECDIR, OPSDIR, RTGWG,
> Transport-directorate will be asked to review any IETF data model
> that claims this is the case to validate it is appropriate. So... I
> think we are going beyond what people use for home networks.

Let's assume all client/agent stuff is wonderfully protected e.g. via TLS.

Normally, the fact that a client at IP1 is managing an agent at IP2, which is still visible despite the TLS, is not much of a deal. Nor is it a deal when that happens, e.g. in reaction to some other event, perhaps even one triggered by an attacker.

But if the agent is my home g/w, then the sensitivity level goes up I think, or at least it can. The reason is that the agent's address (IP2) is tied to me. If the agent was on my phone (e.g. for tethering) then it'd be even more of a deal perhaps, as I carry it with me.

If i2rs just isn't intended for such use-cases, it may be worth saying. That was all I meant.

Cheers,
S.

> _______________________________________________
> i2rs mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/i2rs
