[Ndn-interest] NDN protocol principles: no privacy?

Mark Stapp mjs at cisco.com
Mon Mar 14 06:20:12 PDT 2016

wow - just to be clear:

On 3/14/16 12:07 AM, GTS wrote:
> Hi Mark,
> just to be clear: even if it can't be defined well, I'm all for privacy
> in any modern network architecture,
> NDN and CCN included. Note that NDN wouldn't have been funded by the NSF
> if privacy (and security)
> weren't prominent in the architecture. (NSF made
> privacy+security-by-design a major requirement
> for funding.) And I believe it was/is, indeed, prominent in NDN.

that is a statement I've heard repeated, but the deeds don't align with 
the words. NDN has encouraged the use of long-lived public/private key 
pairs, and that makes individuals highly observable, and vulnerable in 
the case of key compromise. I don't know whether NSF noticed, but ... 
you can't do your banking with this stuff yet - and it's been years. and 
since the folks in charge flat-out reject DH negotiation, it's a little 
hard to see how they're going to come up with any forward-secure 
approach. just exactly what privacy-by-design feature are you referring to?

> My analogy was perhaps not the best but I was trying to say that
> extolling privacy as a principle
> might be viewed as Pollyannaish, (sorry for another one) a bit like
> Google's (in)famous "don't be evil"
> motto.

just pointing out that you began by sort of implying that the principle 
was already in place - and that NSF had approved of the path NDN has 
taken. I have heard the words you echoed in your email many times - and 
so I was pointing out the absence of any privacy or confidentiality 
'principle' in the initial list of six.


> p.s. I also agree that opportunistic caching is a privacy concern,
> especially, close to
> the edges of the network. At the same time, I keep hearing that caching
> in the network core
> is unlikely. If that is true, privacy might be hard to achieve. Or,
> caching might not be used.
> After all, it's not mandatory, if I recall correctly (i.e., not only a
> router is not obliged to
> cache everything, but a producer can request "no caching" for specific
> content).

the issue is that some of the other NDN mechanisms, like 'sync', rely on 
broadcasting and shared caching. and then that becomes a fundamental 
basis for ... every other example - the routing protocol, the NDN-RTC 
scheme, etc.

and of course (again, as I'm sure you know) the issue isn't that you 
can't _ask_ unknown routers controlled by unknown parties _not_ to 
observe you, or capture/record your communication. the issue is that 
they may act against you anyway. as an individual user, you can only 
limit what an adversary can do, and using best-practice communication 
and crypto techniques is one of the best ways we know of to accomplish that.

