Re: [Lsr] Benjamin Kaduk's No Objection on draft-ietf-ospf-lls-interface-id-08: (with COMMENT)

[Acee Lindem (acee)]

Hi Ben,

On 10/30/18, 10:08 AM, "Benjamin Kaduk" <ka...@mit.edu> wrote:

    Hi Acee,
    
    On Thu, Oct 25, 2018 at 01:51:42PM +0000, Acee Lindem (acee) wrote:
    > Hi Ben, 
    > 
    > On 10/25/18, 8:22 AM, "Benjamin Kaduk" <ka...@mit.edu> wrote:
    > 
    >     Benjamin Kaduk has entered the following ballot position for
    >     draft-ietf-ospf-lls-interface-id-08: No Objection
    >     
    >     When responding, please keep the subject line intact and reply to all
    >     email addresses included in the To and CC lines. (Feel free to cut 
this
    >     introductory paragraph, however.)
    >     
    >     
    >     Please refer to 
https://www.ietf.org/iesg/statement/discuss-criteria.html
    >     for more information about IESG DISCUSS and COMMENT positions.
    >     
    >     
    >     The document, along with other ballot positions, can be found here:
    >     https://datatracker.ietf.org/doc/draft-ietf-ospf-lls-interface-id/
    >     
    >     
    >     
    >     ----------------------------------------------------------------------
    >     COMMENT:
    >     ----------------------------------------------------------------------
    >     
    >     Sending a new type of information to the peer usually involves a 
privacy
    >     considerations analysis.  I don't expect there to be anything 
worrisome
    >     here, but some text in the document indicating that the analysis has 
been
    >     done would be reassuring.
    > 
    > Can you suggest some text? I was thinking:
    
    I'm not sure that I could -- I don't have confidence that I understand the
    system well enough to frame something in a complete and correct way.
    
    >    Since the scope of the interface ID is limited to the advertising OSPF 
router 
    >    uniquely identifying links, there are no privacy concerns associated 
with its
    >    advertisement.
    
    I wonder if there is a step missing to link these together -- that the
    links are generally fixed and immobile, or that the scope of distribution
    is limited to a set of trusted peers, perhaps?

The point I'm making is that since the interface ID is only unique for the 
network device, it doesn't provide any clue as to the identity of the device 
owner or traffic transiting the device. Hence, there are no privacy 
considerations associated with extension. It is also true that routing peers 
are trusted but that is a moot point for this extension In the context of 
privacy. 

Thanks,
Acee 

    
    Sorry I can't be more helpful...
    
    -Benjamin
    

_______________________________________________
Lsr mailing list
Lsr@ietf.org
https://www.ietf.org/mailman/listinfo/lsr