draft-ietf-lisp-eid-anonymity-05.txt   draft-ietf-lisp-eid-anonymity-06.txt 
Network Working Group D. Farinacci Network Working Group D. Farinacci
Internet-Draft lispers.net Internet-Draft lispers.net
Intended status: Experimental P. Pillay-Esnault Intended status: Experimental P. Pillay-Esnault
Expires: September 29, 2019 Huawei Technologies Expires: October 13, 2019 Huawei Technologies
W. Haddad W. Haddad
Ericsson Ericsson
March 28, 2019 April 11, 2019
LISP EID Anonymity LISP EID Anonymity
draft-ietf-lisp-eid-anonymity-05 draft-ietf-lisp-eid-anonymity-06
Abstract Abstract
This specification will describe how ephemeral LISP EIDs can be used This specification will describe how ephemeral LISP EIDs can be used
to create source anonymity. The idea makes use of frequently to create source anonymity. The idea makes use of frequently
changing EIDs much like how a credit-card system uses a different changing EIDs much like how a credit-card system uses a different
credit-card numbers for each transaction. credit-card numbers for each transaction.
Requirements Language Requirements Language
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 29, 2019. This Internet-Draft will expire on October 13, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 32 skipping to change at page 2, line 32
6. Interworking Considerations . . . . . . . . . . . . . . . . . 5 6. Interworking Considerations . . . . . . . . . . . . . . . . . 5
7. Multicast Considerations . . . . . . . . . . . . . . . . . . 5 7. Multicast Considerations . . . . . . . . . . . . . . . . . . 5
8. Performance Improvements . . . . . . . . . . . . . . . . . . 6 8. Performance Improvements . . . . . . . . . . . . . . . . . . 6
9. Security Considerations . . . . . . . . . . . . . . . . . . . 6 9. Security Considerations . . . . . . . . . . . . . . . . . . . 6
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 6
11.1. Normative References . . . . . . . . . . . . . . . . . . 6 11.1. Normative References . . . . . . . . . . . . . . . . . . 6
11.2. Informative References . . . . . . . . . . . . . . . . . 8 11.2. Informative References . . . . . . . . . . . . . . . . . 8
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 8 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 8
Appendix B. Document Change Log . . . . . . . . . . . . . . . . 8 Appendix B. Document Change Log . . . . . . . . . . . . . . . . 8
B.1. Changes to draft-ietf-lisp-eid-anonymity-05 . . . . . . . 8 B.1. Changes to draft-ietf-lisp-eid-anonymity-06 . . . . . . . 8
B.2. Changes to draft-ietf-lisp-eid-anonymity-04 . . . . . . . 8 B.2. Changes to draft-ietf-lisp-eid-anonymity-05 . . . . . . . 8
B.3. Changes to draft-ietf-lisp-eid-anonymity-03 . . . . . . . 9 B.3. Changes to draft-ietf-lisp-eid-anonymity-04 . . . . . . . 9
B.4. Changes to draft-ietf-lisp-eid-anonymity-02 . . . . . . . 9 B.4. Changes to draft-ietf-lisp-eid-anonymity-03 . . . . . . . 9
B.5. Changes to draft-ietf-lisp-eid-anonymity-01 . . . . . . . 9 B.5. Changes to draft-ietf-lisp-eid-anonymity-02 . . . . . . . 9
B.6. Changes to draft-ietf-lisp-eid-anonymity-00 . . . . . . . 9 B.6. Changes to draft-ietf-lisp-eid-anonymity-01 . . . . . . . 9
B.7. Changes to draft-farinacci-lisp-eid-anonymity-02 . . . . 9 B.7. Changes to draft-ietf-lisp-eid-anonymity-00 . . . . . . . 9
B.8. Changes to draft-farinacci-lisp-eid-anonymity-01 . . . . 9 B.8. Changes to draft-farinacci-lisp-eid-anonymity-02 . . . . 9
B.9. Changes to draft-farinacci-lisp-eid-anonymity-00 . . . . 10 B.9. Changes to draft-farinacci-lisp-eid-anonymity-01 . . . . 10
B.10. Changes to draft-farinacci-lisp-eid-anonymity-00 . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction 1. Introduction
The LISP architecture [RFC6830] specifies two namespaces, End-Point The LISP architecture [RFC6830] specifies two namespaces, End-Point
IDs (EIDs) and Routing Locators (RLOCs). An EID identifies a node in IDs (EIDs) and Routing Locators (RLOCs). An EID identifies a node in
the network and the RLOC indicates the EID's topological location. the network and the RLOC indicates the EID's topological location.
Typically EIDs are globally unique so a end-node system can connect Typically EIDs are globally unique so an end-node system can connect
to any other end-node system on the Internet. Privately used EIDs to any other end-node system on the Internet. Privately used EIDs
are allowed when scoped within a VPN but must always be unique within are allowed when scoped within a VPN but must always be unique within
that scope. Therefore, address allocation is required by network that scope. Therefore, address allocation is required by network
administration to avoid address collisions or duplicate address use. administration to avoid address collisions or duplicate address use.
In a multiple namespace architecture like LISP, typically the EID In a multiple namespace architecture like LISP, typically the EID
will stay fixed while the RLOC can change. This occurs when the EID will stay fixed while the RLOC can change. This occurs when the EID
is mobile or when the LISP site the EID resides in changes its is mobile or when the LISP site the EID resides in changes its
connection to the Internet. connection to the Internet.
LISP creates the opportunity where EIDs are fixed and won't change. LISP creates the opportunity where EIDs are fixed and won't change.
This draft will examine a technique to allow a end-node system to use This draft will examine a technique to allow a end-node system to use
a temporary address. The lifetime of a temporary address can be the a temporary address. The lifetime of a temporary address can be the
same as a lifetime of an address in use today on the Internet or can same as a lifetime of an address in use today on the Internet or can
have traditionally shorter lifetimes, possibly on the order of a day have traditionally shorter lifetimes, possibly on the order of a day
skipping to change at page 3, line 38 skipping to change at page 3, line 38
services as a server system would. It accesses servers and services as a server system would. It accesses servers and
attempts to do it anonymously. attempts to do it anonymously.
3. Overview 3. Overview
A client end-node can assign its own ephemeral EID and use it to talk A client end-node can assign its own ephemeral EID and use it to talk
to any system on the Internet. The system is acting as a client to any system on the Internet. The system is acting as a client
where it initiates communication and desires to be an inaccessible where it initiates communication and desires to be an inaccessible
resource from any other system. The ephemeral EID is used as a resource from any other system. The ephemeral EID is used as a
destination address solely to return packets to resources the destination address solely to return packets to resources the
ephemeral EID connects to. ephemeral EID connects to. A client-node may simultaneously use a
traditional EID along with ephemeral EIDs in parallel and are not
mutually exclusive. A client may choose to use the ephemeral EIDs
with some peers only where it needs to preserve anonymity.
Here is the procedure a client end-node would use: Here is the procedure a client end-node would use:
1. Client end-node desires to talk on the network. It creates and 1. Client end-node desires to talk on the network. It creates and
assigns an ephemeral-EID on any interface. The client end-node assigns an ephemeral-EID on any interface. The client end-node
may also assign multiple ephemeral-EIDs on the same interface or may also assign multiple ephemeral-EIDs on the same interface or
across different interfaces. across different interfaces.
2. If the client end-node is a LISP xTR, it will register ephemeral- 2. If the client end-node is a LISP xTR, it will register ephemeral-
EIDs mapped to underlay routable RLOCs. If the client end-node EIDs mapped to underlay routable RLOCs. If the client end-node
skipping to change at page 4, line 32 skipping to change at page 4, line 35
block 2001:5::/32 [RFC7954] when IPv6 is used. See IANA block 2001:5::/32 [RFC7954] when IPv6 is used. See IANA
Considerations section for a specific sub-block allocation request. Considerations section for a specific sub-block allocation request.
When IPv4 is used, the Class E block 240.0.0.0/4 is being proposed. When IPv4 is used, the Class E block 240.0.0.0/4 is being proposed.
The client end-node system will use the rest of the host bits to The client end-node system will use the rest of the host bits to
allocate a random number to be used as the ephemeral-EID. The EID allocate a random number to be used as the ephemeral-EID. The EID
can be created manually or via a programatic interface. When the EID can be created manually or via a programatic interface. When the EID
address is going to change frequently, it is suggested to use a address is going to change frequently, it is suggested to use a
programatic interface. The probability of address collision is programatic interface. The probability of address collision is
unlikely for IPv6 EIDs but could occur for IPv4 EIDs. A client end- unlikely for IPv6 EIDs but could occur for IPv4 EIDs. A client end-
node can create a ephemeral-EID and then look it up in the mapping node can create an ephemeral-EID and then look it up in the mapping
system to see if it exists. If the EID exists in the mapping system, system to see if it exists. If the EID exists in the mapping system,
the client end-node can attempt creation of a new random number for the client end-node can attempt creation of a new random number for
the ephemeral-EID. See Section 8 where ephemeral-EIDs can be the ephemeral-EID. See Section 8 where ephemeral-EIDs can be
preallocated and registered to the mapping system before use. preallocated and registered to the mapping system before use.
When the client end-node system is co-located with the RLOC and acts When the client end-node system is co-located with the RLOC and acts
as an xTR, it should register the binding before sending packets. as an xTR, it should register the binding before sending packets.
This eliminates a race condition for returning packets not knowing This eliminates a race condition for returning packets not knowing
where to encapsulate packets to the ephemeral-EID's RLOCs. See where to encapsulate packets to the ephemeral-EID's RLOCs. See
Section 8 for alternatives for fixing this race condition problem. Section 8 for alternatives for fixing this race condition problem.
skipping to change at page 6, line 11 skipping to change at page 6, line 11
band mechanisms. These mechanisms need to support ephemeral-EIDs. band mechanisms. These mechanisms need to support ephemeral-EIDs.
Otherwise, PIM-ASM [RFC4602] or PIM-Bidir [RFC5015] will need to be Otherwise, PIM-ASM [RFC4602] or PIM-Bidir [RFC5015] will need to be
used. used.
8. Performance Improvements 8. Performance Improvements
An optimization to reduce the race condition between registering An optimization to reduce the race condition between registering
ephemeral-EIDs and returning packets as well as reducing the ephemeral-EIDs and returning packets as well as reducing the
probability of ephemeral-EID address collision is to preload the probability of ephemeral-EID address collision is to preload the
mapping database with a list of ephemeral-EIDs before using them. It mapping database with a list of ephemeral-EIDs before using them. It
comes at a expense of rebinding all of registered ephemeral-EIDs when comes at the expense of rebinding all of registered ephemeral-EIDs
there is an RLOC change. There is work in progress to consider when there is an RLOC change. There is work in progress to consider
adding a level of indirection here so a single entry gets the RLOC adding a level of indirection here so a single entry gets the RLOC
update and the list of ephemeral-EIDs point to the single entry. update and the list of ephemeral-EIDs point to the single entry.
9. Security Considerations 9. Security Considerations
When LISP-crypto [RFC8061] is used the EID payload is more secure When LISP-crypto [RFC8061] is used the EID payload is more secure
through encryption providing EID obfuscation of the ephemeral-EID as through encryption providing EID obfuscation of the ephemeral-EID as
well as the global-EID it is communicating with. But the obfuscation well as the global-EID it is communicating with. But the obfuscation
only occurs between xTRs. So the randomness of a ephemeral-EID only occurs between xTRs. So the randomness of a ephemeral-EID
inside of LISP sites provide a new level of privacy. inside of LISP sites provide a new level of privacy.
skipping to change at page 8, line 37 skipping to change at page 8, line 37
Appendix A. Acknowledgments Appendix A. Acknowledgments
The author would like to thank the LISP WG for their review and The author would like to thank the LISP WG for their review and
acceptance of this draft. acceptance of this draft.
Appendix B. Document Change Log Appendix B. Document Change Log
[RFC Editor: Please delete this section on publication as RFC.] [RFC Editor: Please delete this section on publication as RFC.]
B.1. Changes to draft-ietf-lisp-eid-anonymity-05 B.1. Changes to draft-ietf-lisp-eid-anonymity-06
o Posted end of March 2019.
o Padma had more basic edits and some clarification text.
B.2. Changes to draft-ietf-lisp-eid-anonymity-05
o Posted March IETF week 2019. o Posted March IETF week 2019.
o Do not state that ephemeral EIDs make the privacy problem worse. o Do not state that ephemeral EIDs make the privacy problem worse.
B.2. Changes to draft-ietf-lisp-eid-anonymity-04 B.3. Changes to draft-ietf-lisp-eid-anonymity-04
o Posted October 2018 before Bangkok IETF deadline. o Posted October 2018 before Bangkok IETF deadline.
o Made Padma requested changes to refer to ephemeral-EIDs allowed to o Made Padma requested changes to refer to ephemeral-EIDs allowed to
have many on one interface and can be registered with more than 1 have many on one interface and can be registered with more than 1
RLOC but one RLOC-set. RLOC but one RLOC-set.
B.3. Changes to draft-ietf-lisp-eid-anonymity-03 B.4. Changes to draft-ietf-lisp-eid-anonymity-03
o Posted October 2018. o Posted October 2018.
o Update document timer and references. o Update document timer and references.
B.4. Changes to draft-ietf-lisp-eid-anonymity-02 B.5. Changes to draft-ietf-lisp-eid-anonymity-02
o Posted April 2018. o Posted April 2018.
o Update document timer and references. o Update document timer and references.
B.5. Changes to draft-ietf-lisp-eid-anonymity-01 B.6. Changes to draft-ietf-lisp-eid-anonymity-01
o Posted October 2017. o Posted October 2017.
o Add to section 5 that PKI can be used to authenticate EIDs. o Add to section 5 that PKI can be used to authenticate EIDs.
o Update references. o Update references.
B.6. Changes to draft-ietf-lisp-eid-anonymity-00 B.7. Changes to draft-ietf-lisp-eid-anonymity-00
o Posted August 2017. o Posted August 2017.
o Made draft-farinacci-lisp-eid-anonymity-02 a LISP working group o Made draft-farinacci-lisp-eid-anonymity-02 a LISP working group
document. document.
B.7. Changes to draft-farinacci-lisp-eid-anonymity-02 B.8. Changes to draft-farinacci-lisp-eid-anonymity-02
o Posted April 2017. o Posted April 2017.
o Added section describing how ephemeral-EIDs can use a public key o Added section describing how ephemeral-EIDs can use a public key
hash as an alternative to a random number. hash as an alternative to a random number.
o Indciate when an EID/RLOC co-located, that the xTR can register o Indciate when an EID/RLOC co-located, that the xTR can register
the EID when it is configured or changed versus waiting for a the EID when it is configured or changed versus waiting for a
packet to be sent as in the EID/RLOC separated case. packet to be sent as in the EID/RLOC separated case.
B.8. Changes to draft-farinacci-lisp-eid-anonymity-01 B.9. Changes to draft-farinacci-lisp-eid-anonymity-01
o Posted October 2016. o Posted October 2016.
o Update document timer. o Update document timer.
B.9. Changes to draft-farinacci-lisp-eid-anonymity-00 B.10. Changes to draft-farinacci-lisp-eid-anonymity-00
o Posted April 2016. o Posted April 2016.
o Initial posting. o Initial posting.
Authors' Addresses Authors' Addresses
Dino Farinacci Dino Farinacci
lispers.net lispers.net
San Jose, CA San Jose, CA
 End of changes. 19 change blocks. 
28 lines changed or deleted 37 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/