Re: The "nomap" Network Identifier Suffix

<university level parsing>
So instead of taking this to IEEE where in three years the chipsets will have 
burned into them such a privacy mechanism, meaning that only state actors or 
well-financed bad folks will break the convention, we will do the work in the 
IETF where in three years the open source routers might sometimes honor such a 
convention and users get nothing?
</university level parsing>

<Joe Sixpack parsing>
Take to IEEE. Wait three years. Manufacturers make devices that do best efforts 
at handling user’s requests. User’s requests go into 802.11 negotiation. User’s 
requests are not obvious for all sniffers to see. Only sophisticated attacks 
need apply.
-- or --
Take to IETF. Wait three years. Most manufacturers ignore RFC. Those that do, 
do not count. Google gets to wrap itself in a very thin layer of legal 
protection. User’s requests broadcast “look at me. I do not want to be tracked. 
Please target me.” Maybe the security is that since this is so close to not 
doing anything, the bad guys will feel it is below their dignity to bother to 
track people. <ha ha ha!>
</Joe Sixpack parsing>


On Nov 26, 2013, at 10:51 PM, Richard Barnes <rlb(_at_)ipv(_dot_)sx> wrote:

> I think we mostly agree here, Mark, but just playing devil's advocate...
>
> If we want things to deploy with any speed, we need the people who want to 
> deploy them to be able to.  The people who would deploy this sort of policy 
> mechanism cannot change the 802.11 protocols their WiFi chipsets use, but 
> they *can* change an SSID or parse an SSID.  If you wait IEEE to make a 
> standard, and vendors to build it, and ... well, I'll see you in a few years.
>
> Yes, it's a hack, but the Internet lives on hacks.  And people are using it, 
> so what's the harm in documenting it?  To make an analogy, how many RFCs for 
> v4/v6 transition schemes do we have that slam an IPv4 address into an IPv6 
> address?
>
> --Richard (who really doesn't have a dog in this fight, but generally likes 
> the fast path instead of the long, slow, painful, expensive path)
>
>
>
>
>
>
> On Tue, Nov 26, 2013 at 5:27 PM, Mark Nottingham <mnot(_at_)mnot(_dot_)net> 
> wrote:
> Separate from the issues surrounding enforcing declared policy, putting 
> metadata into identifiers seems like a bad practice.
>
> Besides the issue of scalability — do we really want a SSID that looks like 
> “mnot_nomap_guestsallowed_privacyguaranteed_prettyplease” — this proposal is 
> squatting on ALL suffixes; someone who wants to define the “_guestsallowed” 
> suffix, for example, now can’t do so because it’s in contention with _nomap.
>
> Never mind that it’s retroactively assigning semantics to potentially 
> existing identifiers.
>
> These issues seem very similar to those raised in the 
> draft-nottingham-uri-get-off-my-lawn. It’s very tempting for us as standards 
> bodies to encroach upon user-visible identifier space, but doing so brings a 
> number of concrete technical problems, as well as a higher concern; that 
> these name spaces are explicitly defined to be under user (or administrator) 
> control, and taking that control away retroactively shouldn’t be something we 
> do.
>
> Cheers,
>
>
> On 26 Nov 2013, at 11:04 pm, Eric Burger 
> <eburger(_at_)cs(_dot_)georgetown(_dot_)edu> wrote:
>
> > Tastes like the ‘evil’ bit, in reverse.
> >
> > On Nov 25, 2013, at 6:50 PM, Bjoern Hoehrmann 
> > <derhoermi(_at_)gmx(_dot_)net> wrote:
> >
> > > Hi,
> > >
> > > My smartphone can turn into a Wifi access point so I can easily use
> > > its Internet connection from my netbook. Problem is that nearby devices
> > > I do not control might report my whereabouts to third parties that map
> > > network equipment to geographic locations. A naming convention for net-
> > > works has been proposed to address this, append "_nomap" to the network
> > > name and "good actors" will ignore it. I thought it would be a good idea
> > > to document this convention in a better place than a single vendor's
> > > blog post, so two years ago today I published
> > >
> > > http://tools.ietf.org/html/draft-hoehrmann-nomap-00
> > >
> > > I think this is a "better than nothing" mechanism and I am not the most
> > > qualified person to document it, and there was pretty much no interest
> > > in the document when I announced it. Still, especially considering more
> > > and more organisations are collecting such data, I think this needs good
> > > documentation. I am looking for volunteers, suggestions, whatever helps
> > > getting that done without a lot of effort on my part...
> > >
> > > Thanks!
> > > --
> > > Björn Höhrmann · mailto:bjoern(_at_)hoehrmann(_dot_)de · 
> > > http://bjoern.hoehrmann.de
> > > Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
> > > 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
> --
> Mark Nottingham   http://www.mnot.net/

signature.asc
Description: Message signed with OpenPGP using GPGMail