Re: [Int-area] Completion of working group last call for draft-ietf-intarea-nat-reveal-analysis-02
On Aug 6, 2012, at 5:29 PM, Dan Wing wrote:

> ...
> During the INTAREA presentation, one suggestion I heard was a separate protocol (ident-like). I will submit an I-D towards that end, which I am dusting off from 2010 when I first considered ident and discarded it for a variety of reasons.
>
> Do you have additional suggestions on how to accomplish convey an identifier?

There are two separate problems:

- establishing an identity and pairing it with a tag
- getting that tag into connections so each connection can be correlated back to the identity

This draft focuses on the second step. The first is either trivial (with cooperating entities) or needs to be inferred if possible (with non-cooperating/legacy entities). It doesn't matter whether the entity is a person or a machine in general, though this draft focuses on machine entities.

Any out-of-band mechanism shares the fate of ident in this doc, as noted in Sec 5.9, though. Is there a point to generating another solution in that space?

Joe

___
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area
Re: [Int-area] Completion of working group last call for draft-ietf-intarea-nat-reveal-analysis-02
On Wed, Aug 8, 2012 at 10:49 AM, Joe Touch to...@isi.edu wrote:

> On Aug 6, 2012, at 5:29 PM, Dan Wing wrote:
>
>> ...
>> During the INTAREA presentation, one suggestion I heard was a separate protocol (ident-like). I will submit an I-D towards that end, which I am dusting off from 2010 when I first considered ident and discarded it for a variety of reasons.
>>
>> Do you have additional suggestions on how to accomplish convey an identifier?
>
> There are two separate problems:
>
> - establishing an identity and pairing it with a tag
> - getting that tag into connections so each connection can be correlated back to the identity

3) making sure that not everyone can associate the identity with that tag.
Re: [Int-area] Completion of working group last call for draft-ietf-intarea-nat-reveal-analysis-02
> -----Original Message-----
> From: Scott Brim [mailto:scott.b...@gmail.com]
> Sent: Wednesday, August 08, 2012 8:02 AM
> To: Joe Touch
> Cc: Dan Wing; Internet Area; Behcet Sarikaya
> Subject: Re: [Int-area] Completion of working group last call for draft-ietf-intarea-nat-reveal-analysis-02
>
> On Wed, Aug 8, 2012 at 10:49 AM, Joe Touch to...@isi.edu wrote:
>
>> On Aug 6, 2012, at 5:29 PM, Dan Wing wrote:
>>
>>> ...
>>> During the INTAREA presentation, one suggestion I heard was a separate protocol (ident-like). I will submit an I-D towards that end, which I am dusting off from 2010 when I first considered ident and discarded it for a variety of reasons.
>>>
>>> Do you have additional suggestions on how to accomplish convey an identifier?
>>
>> There are two separate problems:
>>
>> - establishing an identity and pairing it with a tag
>> - getting that tag into connections so each connection can be correlated back to the identity
>
> 3) making sure that not everyone can associate the identity with that tag.

Scott,

Today's Internet users, which are not sharing addresses with other users, are sending a uniquely identifiable identifier to every Internet server they use: their unique IP address.

-d
Re: [Int-area] Completion of working group last call for draft-ietf-intarea-nat-reveal-analysis-02
On Aug 8, 2012, at 8:30 AM, Dan Wing wrote:

>> 3) making sure that not everyone can associate the identity with that tag.
>
> Scott,
>
> Today's Internet users, which are not sharing addresses with other users, are sending a uniquely identifiable identifier to every Internet server they use: their unique IP address.

Given how IP addresses are used today, an address alone is insufficient to indicate a host. That's the whole point of this doc.

Addresses and ports together sometimes do, but not in all cases.

Other IDs are required - again, the conclusion of this doc.

Out-of-band IDs are problematic for many reasons, again as per Sec 5.9

Joe
Re: [Int-area] Completion of working group last call for draft-ietf-intarea-nat-reveal-analysis-02
On 8/8/2012 11:30 AM, Dan Wing wrote:

> Today's Internet users, which are not sharing addresses with other users, are sending a uniquely identifiable identifier to every Internet server they use: their unique IP address.

Users don't have IP addresses. Machines do. Which are we trying to identify again?

I think the distinction is important since the relation between users and devices can be one-to-many, or many-to-one, and certainly isn't one-to-one, even if we went back in time when the relation between end-host machines and addresses might have been closer to one-to-one.

I also don't think user and subscriber are synonyms for many purposes, though some of the reveal-analysis seems to be more oriented towards identifying the access network subscriber. That subscriber generally may have quite a few users and machines behind them.

--
Wes Eddy
MTI Systems