[Ndn-interest] NDN protocol principles: no privacy?
Mark Stapp
mjs at cisco.com
Tue Mar 15 06:25:59 PDT 2016
On 3/14/16 11:44 PM, Tai-Lin Chu wrote:
I wrote:
>> sure - I don't want to expose names that identify me, or expose my
>> communication activities. given that, the "network" doesn't have the job
>> of finding things for me by partial names - I only want to expose the
>> details of my communication to a service that I have authenticated, and
>> only when those details are encrypted. the "names" visible to the
>> network in that sort of world just get the packets moving - and the only
>> LPM needed is LPM in the FIB to get me to one or more instances of a
>> service.
then you wrote:
>
> Immutability is related to in-network discovery with LPM. If all
> packets are immutable, and there is no in-network discovery, ndn must
> rely on some other protocol that cannot not build on top of ndn for
> discovery (we should all agree that randomly guessing a version number
> or a certain name is not going to work well as “discovery”). This
> devalues ndn as a “universal” protocol.
>
so ... I absolutely agree that it's not a very useful approach to have
to randomly guess 'names' in order to use the network. I agree that that
should be ... strongly questioned, if it is offered as a solution to
rendezvous.
but I think you're misunderstanding what forward-secure communication
would (probably) look like. there would not be any in-the-clear exposure
of the nature of my activities. I would engage with an instance of the
application I wanted to use, anonymously. that application would
authenticate to me, so that I would not offer my identity to an
adversary. I would possibly authenticate to the application, to gain
access to my personal context, and to allow the application to apply
access controls to me. the application and I would generate some key
material, which would then be used to derive symmetric keys. from the
perspective of the network, nothing about my use of the application
would be visible - all of the details would be conveyed inside an
encrypted envelope. the network would only see the routeable name on the
'outside' of the envelope, and that name would not refer to any 'object'
- it would just offer enough routeable prefix to reach an instance of
the application, and enough context identification to allow the
application to locate the keys to use when communicating with me. how
the application works, its semantics, would not have to be known to the
network in any way.
Thanks,
Mark
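
The envelope described in the message above, as an added sketch that is not part of the original e-mail or of any NDN code base: the outer name carries only a routable prefix plus a context identifier, and the real name and payload travel encrypted under keys derived from the handshake's key material. The prefix, context id, inner name and handshake secret are constructed values, and the HMAC-based keystream with encrypt-then-MAC is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, json, os

def hkdf(secret: bytes, info: bytes) -> bytes:
    """HKDF-SHA256 (RFC 5869), zero salt, one 32-byte output block."""
    prk = hmac.new(b"\x00" * 32, secret, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as keystream.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(secret: bytes, outer: str, nonce: bytes, ct: bytes) -> bytes:
    # The MAC covers the length-prefixed outer name, so the visible name
    # cannot be swapped or re-split without the receiver noticing.
    name = outer.encode()
    msg = len(name).to_bytes(2, "big") + name + nonce + ct
    return hmac.new(hkdf(secret, b"mac"), msg, hashlib.sha256).digest()

def seal(secret, prefix, context_id, inner_name, payload):
    """Build the packet the network sees: routable name + opaque envelope."""
    outer = f"{prefix}/{context_id}"
    nonce = os.urandom(12)  # fresh per packet; never reuse with the same key
    plain = json.dumps({"name": inner_name, "payload": payload}).encode()
    ct = _xor_stream(hkdf(secret, b"enc"), nonce, plain)
    return {"name": outer, "nonce": nonce, "ct": ct,
            "tag": _tag(secret, outer, nonce, ct)}

def open_envelope(packet, secrets_by_context):
    """Application side: locate keys by context id, verify, then decrypt."""
    context_id = packet["name"].rsplit("/", 1)[1]
    secret = secrets_by_context[context_id]
    expected = _tag(secret, packet["name"], packet["nonce"], packet["ct"])
    if not hmac.compare_digest(expected, packet["tag"]):
        raise ValueError("envelope authentication failed")
    plain = _xor_stream(hkdf(secret, b"enc"), packet["nonce"], packet["ct"])
    return json.loads(plain)

# Constructed sample values: the handshake output is assumed to exist already.
SECRET = hashlib.sha256(b"constructed handshake output").digest()
PACKET = seal(SECRET, "/example/mailsvc", "ctx-7f3a",
              "/mailbox/alice/inbox/42", "fetch")
```

A forwarder matching on PACKET["name"] needs only LPM against the service prefix; the inner name never appears outside the ciphertext.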