[Ndn-interest] NDN protocol principles: no privacy?
mjs at cisco.com
Mon Mar 14 09:25:27 PDT 2016
On 3/14/16 11:02 AM, Burke, Jeff wrote:
>> that is a statement I've heard repeated, but the deeds don't align with
>> the words. NDN has encouraged the use of long-lived public/private key
>> pairs, and that makes individuals highly observable, and vulnerable in
>> the case of key compromise. I don't know whether NSF noticed, but ...
>> you can't do your banking with this stuff yet - and it's been years. and
>> since the folks in charge flat-out reject DH negotiation, it's a little
>> hard to see how they're going to come up with any forward-secure
>> approach. just exactly what privacy-by-design feature are you referring to?
> Where are you getting this impression of a lack of interest in
security? Six of the last ten NDN tech reports deal with
security-related topics, several of the techniques could be extended to
use ephemeral keys, and a few have discussions of forward secrecy.
so ... I was referring specifically to privacy, not "security" in
general. having "discussions" about forward-security is not equivalent
to implementing and mandating it? as long as user activity can be
correlated readily, there's an exposure that seems to me to be
undesireable - and it's unnecessary, given the technology that exists.
the initial point I was trying to make was that it felt (to me) that
there was a gap in the list of six because there was no mention of
private communication. as I said in an earlier email, even having a
broad statement would seem to be desireable.
> Can you give an example or two of what such a satisfactory privacy
principle might look like? (Perhaps there is disagreement about whether
this is a principle for the architecture or applications, but
articulating it seems valuable. We've certainly set it up as a goal for
some of the current applications proposed for the current NSF work.)
sure, that'd be fun:
NDN communication should use, by default, best-practice cryptographic
methods to ensure privacy and confidentiality. unlike IP communication,
where privacy is implemented by add-on libraries and has to be
"programmed in" by each application implementation, NDN will encourage
use of ephemerally-keyed, forward-secure protection for all
communication by making negotiation of ephemeral key material a
fundamental building-block of the architecture.
The NDN architecture shares the view of the IP community that passive
and pervasive observation represents an attack on individuals'
communication. NDN communication will meet or exceed the evolving
best-practices for privacy, confidentiality, and authentication used in
IP networking. As the internet security community advances its
understanding of the vulnerabilities affecting internet communication,
NDN will move in parallel to assess vulnerabilites and maintain parity
with the IP technologies.
> I think we were going to present contrasting ideas on all of this
(privacy at least) at the upcoming ICNRG meeting. Is that still the
plan? (I think Dirk mentioned you wouldn't be there but perhaps someone
else would present?)
I haven't looked at the agenda, but I'm certainly interested in the
topic. I won't be there in person, but I've been having some
conversations with Chris Wood, and I think he is planning to offer some
More information about the Ndn-interest