[rssac-caucus] Handing the anonymization document off to RSSAC

Warren Kumari warren at kumari.net
Wed Apr 11 18:35:07 UTC 2018 

On Wed, Apr 11, 2018 at 2:06 PM, John Heidemann <johnh at isi.edu> wrote:
> On Mon, 09 Apr 2018 18:34:32 -0000, Paul Hoffman wrote:
>>Greetings again. We've kind of lost momentum on the "Recommendations on Anonymization Processes for Source IP Addresses Submitted for Future Analysis" document. I have made one more round of edits, and think that it is probably ready to send to RSSAC. Please do a final review of:
>>   https://docs.google.com/document/d/1jpFcEjlwd11kqbsd1oAUf2Hq3gNskqN595RdmvyKkU8
>>and put comments in the document or send them to this list. I propose that next Monday, April 16, we send the document to RSSAC so they can review it before their next workshop.
>
> A couple of questions about our goal, and some comments on the document.
>
> About the goal: implicit in the above proposal is that little bit of
> editing will "finish" the document.  Is that true?
>
> My sense is there is interest in larger changes, like trying to make a
> specific recommendation.  It seems unlikely that larger changes like
> that can be accomplished in only one week.

Related to this -- I reread the document with a fresh eye, and I think
that it could do with some better introductory text -- for example,
this is a fair bit of discussion further down in the document about
how using the same technique and key can be used to allow correlation
between different sources, but there isn't a huge amount about whether
this a feature or a bug.  Sure, if everyone maps IP X to IP Y you can
tell things like that X queried multiple operators -- but the document
doesn't really describe the tradeoff between the added privacy
exposure and value of this (and to whom). It feels like we've all been
working from the "well obviously this is a useful property" stance
without explaining it.

I'll happily be the first one to point out that I noted this without
offering text, so....
W

>
>
> Putting making a recommendation aside,
> suggested changes to the document:
>
> - section 2.1 and 3: changed "random value" to "secret value".
>
>   Reason: The "random value" is either cryptographic salt or a secret
>   crypotgraphic key.  Its important characteristic is that it is secret
>   (not public), not that how it is chosen (perhaps randomly).
>   Using the term "random" can easily be confused with "changing".
>
> - section 2.1: the text implied using different secret keys "breaks
>   harmonization".  This statement is too strong.  There is benefit to
>   researchers to knowning the harmonization METHOD if different RSOs use
>   different secrets.
>
> - section 4.1: the analysis of collisions was for an average day.
>   Collisions are dramatically higher for worst cases, and that's when
>   accurate counts most matter for some research.  I suggest this text
>   there to address this gap:
>
>           (Although the birthday problem has few collisions when the
>           number of active IPv4 address is small, it is much worse when
>           the number is large.  For example, reports of the Nov. 30,
>           2015 DDoS attack on the roots indicate that roots saw about
>           891k unique addresses, and with n=900k, there are 170M
>           collisions.  While many of these addresses were spoofed.  This
>           count represents one factor in the cost some DDoS-defenses, so
>           accuracy is important.).
>
>   I don't want the document to go too far down this one particular
>   rathole, BUT presenting only average case data is, I think, misleading.
>
>
> I made these changes both in the google doc and here.  I'm not sure that
> google doc edits alone always get as complete a discussion as mailing
> list comments.
>
>    -John Heidemann
>
> _______________________________________________
> rssac-caucus mailing list
> rssac-caucus at icann.org
> https://mm.icann.org/mailman/listinfo/rssac-caucus



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf

More information about the rssac-caucus mailing list