[Ndn-interest] NDN protocol principles: no privacy?
mjs at cisco.com
Mon Mar 14 06:20:12 PDT 2016

wow - just to be clear:

On 3/14/16 12:07 AM, GTS wrote:
> Hi Mark,
> just to be clear: even if it can't be defined well, I'm all for privacy
> in any modern network architecture,
> NDN and CCN included. Note that NDN wouldn't have been funded by the NSF
> if privacy (and security)
> weren't prominent in the architecture. (NSF made
> privacy+security-by-design a major requirement
> for funding.) And I believe it was/is, indeed, prominent in NDN.

that is a statement I've heard repeated, but the deeds don't align with
the words. NDN has encouraged the use of long-lived public/private key
pairs, and that makes individuals highly observable, and vulnerable in
the case of key compromise. I don't know whether NSF noticed, but ...
you can't do your banking with this stuff yet - and it's been years. and
since the folks in charge flat-out reject DH negotiation, it's a little
hard to see how they're going to come up with any forward-secure
approach. just exactly what privacy-by-design feature are you referring to?

> My analogy was perhaps not the best but I was trying to say that
> extolling privacy as a principle
> might be viewed as Pollyannaish, (sorry for another one) a bit like
> Google's (in)famous "don't be evil"

just pointing out that you began by sort of implying that the principle
was already in place - and that NSF had approved of the path NDN has
taken. I have heard the words you echoed in your email many times - and
so I was pointing out the absence of any privacy or confidentiality
'principle' in the initial list of six.

> p.s. I also agree that opportunistic caching is a privacy concern,
> especially, close to
> the edges of the network. At the same time, I keep hearing that caching
> in the network core
> is unlikely. If that is true, privacy might be hard to achieve. Or,
> caching might not be used.
> After all, it's not mandatory, if I recall correctly (i.e., not only a
> router is not obliged to
> cache everything, but a producer can request "no caching for specific

the issue is that some of the other NDN mechanisms, like 'sync', rely on
broadcasting and shared caching. and then that becomes a fundamental
basis for ... every other example - the routing protocol, the NDN-RTC
and of course (again, as I'm sure you know) the issue isn't that you
can't _ask_ unknown routers controlled by unknown parties _not_ to
observe you, or capture/record your communication. the issue is that
they may act against you anyway. as an individual user, you can only
limit what an adversary can do, and using best-practice communication
and crypto techniques is one of the best ways we know of to accomplish that.