IETF Logo Mail Archive

Re: [Ideas] BOF @IETF 99 Preparation - problem statement

Michael Menth <menth@uni-tuebingen.de> Sun, 11 June 2017 09:19 UTC

Return-Path: <menth@uni-tuebingen.de>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 107AC127286 for <ideas@ietfa.amsl.com>; Sun, 11 Jun 2017 02:19:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oYJf90enyFcn for <ideas@ietfa.amsl.com>; Sun, 11 Jun 2017 02:19:25 -0700 (PDT)
Received: from mx03.uni-tuebingen.de (mx03.uni-tuebingen.de [134.2.5.213]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D55DC120725 for <ideas@ietf.org>; Sun, 11 Jun 2017 02:19:24 -0700 (PDT)
Received: from [192.168.1.101] (hsi-kbw-5-56-217-255.hsi17.kabel-badenwuerttemberg.de [5.56.217.255]) by mx03.uni-tuebingen.de (Postfix) with ESMTPSA id DC75782A0A; Sun, 11 Jun 2017 11:19:22 +0200 (CEST)
To: Tom Herbert <tom@herbertland.com>
References: <CAG-CQxpeCVwmmYFVXTP_4rq9sB6ZMyDTo5H3DTbnCu4RPnR+sg@mail.gmail.com> <69375c9a-d184-03db-9b44-6be8de8a9b6f@uni-tuebingen.de> <CALx6S36i_eWv8teFtB4oMBd+vDpB1Hg7jJ7kqgPjS5eGVkJN0Q@mail.gmail.com>
Cc: Padma Pillay-Esnault <padma.ietf@gmail.com>, ideas@ietf.org
From: Michael Menth <menth@uni-tuebingen.de>
Message-ID: <a1e80707-b3e9-f7d5-d300-0a2c9d8130e9@uni-tuebingen.de>
Date: Sun, 11 Jun 2017 11:19:27 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CALx6S36i_eWv8teFtB4oMBd+vDpB1Hg7jJ7kqgPjS5eGVkJN0Q@mail.gmail.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/--JSk0F5rWwHPKiQep0IoUHp77c>
Subject: Re: [Ideas] BOF @IETF 99 Preparation - problem statement
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Jun 2017 09:19:28 -0000

Hi Tom,

we have alreaday LISP, ILA, and ILNP for implentation of Loc/ID split.
We have DNS and DDT as mapping systems used in these contexts.
So, there is already quite some support for basic Loc/ID split.

What's missing is an adequate protection of IDs in the above mentioned
context. When communicating with a unique ID, communication becomes
trackable like in the early days of IPv6. IPv6 privacy extensions solved
that problem. But with IPv6 we don't know whom we are talking to. So
what's desirable is a permanent ID for an identity which can be mapped
to various temporary IDs that are used for communication. A mapping
system associates identities and identifiers but can be queried only by
authorized identifiers. That means, communication becomes transparent to
authorized users while protecting privacy against others. However, we
need to explore how these objectives can be achieved with current
protocols and what pieces and extensions are missing.

That mechanism may be an enabler for true Loc/ID split as it allows to
use a permanent ID for identity (think of user contract) and a temporary
ID for each communication, for certain time spans, or devices. Permanent
IDs are not acceptable for privacy concerns in many use cases, e.g.,
automotive. As the temporary ID may be looked up by a provider, it may
be possible to apply per-identiy policies to traffic. If an identifier
is corrupt or gets attacked, of if a device gets lost or is exchanged,
the corresponding identifier may be substituted by another.

This is the filtered result of several telcos with proponents of IDEAS.
It requires some effort to clearly outline the potential of IDEAS in
various use cases as we're looking really beyond Loc/ID split.

Best wishes,

Michael


Am 11.06.2017 um 01:31 schrieb Tom Herbert:
> On Sat, Jun 10, 2017 at 1:31 AM, Michael Menth <menth@uni-tuebingen.de> wrote:
>> Dear Padma, all,
>>
>> I've tried to condense the essence of what I perceived from multiple
>> IDEAS brainstormings, documents, and email discussions. This may be a
>> base for a problem statement. Please add missing aspects!
>>
>> IDentity-EnAbled networkS (IDEAS) describes how identities (Idys),
>> identifiers (Idfs), and locators may be used for future communication
>> using existing protocols. Missing features are identified and added.
>>
>> An Idy is a permanent ID (PID) to uniquely identify an entity. To
>> protect its privacy, an entity may choose additional temporary IDs
>> (TIDs) for communications, so-called Idfs. A mapping system maps these
>> Idfs to their Idy so that communication partners may look up an Idf's
>> Idy. To preserve its privacy, the entity controls the mapping system and
>> may restrict access to it for certain Idfs or Idys.
>>
> Hi Michael,
> 
> I'm not following we need to have both identities and identifiers nor
> what the operational difference would be. This seems like a lot of
> complexity to me.
> 
> In ILA for instance, there are just identifiers and locators. The
> management plane creates identifiers on request (every task gets a
> unique identifier for instance). The mapping system maps identifiers
> to locators. Identifiers identify something but we really don't care
> what they identify. The same object could be assigned multiple
> identifiers for privacy as you describe below, but the mapping system
> shouldn't care about that. Identifiers can be registered in the
> mapping system, and then unregistered when they are no longer used--
> so there's no concept of permanent or temporary identifiers.
> Uniqueness of identifiers is a key attribute. For security, we need
> tight control over who can modify the mappings and who's allowed to
> query.
> 
> Can you maybe elaborate on how identities would make things better in
> the scenario I described?
> 
> Tom
> 
>> Both Idys and preferentially Idfs may be used for communication. They
>> identify the communication partner but not her location on the Internet.
>> To denote the location of an entity, one or more locators are needed
>> that describe how the Idy/Idf can be reached. A mapping system allows to
>> look up the locators so that traffic can be sent to the Idy/Idf. This is
>> the well-known Loc/ID split providing benefits such as improved mobility
>> (e.g. for VMs in a datacenter), Internet-scale SDN, improved traffic
>> engineering and other flexibility aspects.
>>
>> The advantage of that system is that entities may use Idfs for
>> communication to better protect their Idy. Only authorized communication
>> partners can find out the corresponding Idys behind. Entities can avoid
>> being tracked on the Internet by using multiple Idfs or by regularly
>> changing Idfs. The control of the Idy/Idf mappings can restrict access
>> to selected requesting Idys/Idfs and also limit that access over time to
>> implement a right to be forgotten.
>>
>> The concept improves the current LISP protocol by adding privacy in
>> communication in a similar way as IPv6 privacy extension avoid being
>> tracked by a stable MAC address. To that end, access restriction is
>> needed for mapping system requests which also need to be encrypted to
>> avoid eavesdropping. Therefore, a major protocol definition effort is
>> needed for the mapping system that provides the Idf/Idy mapping. Other
>> aspects of this concept can be assembled from existing pieces but should
>> be brought together in a recommended fashion.
>>
> 
>> Michael
>>
>> --
>> Prof. Dr. habil. Michael Menth
>> University of Tuebingen
>> Faculty of Science
>> Department of Computer Science
>> Chair of Communication Networks
>> Sand 13, 72076 Tuebingen, Germany
>> phone: (+49)-7071/29-70505
>> fax: (+49)-7071/29-5220
>> mailto:menth@uni-tuebingen.de
>> http://kn.inf.uni-tuebingen.de
>>
>> _______________________________________________
>> Ideas mailing list
>> Ideas@ietf.org
>> https://www.ietf.org/mailman/listinfo/ideas
> 
> _______________________________________________
> Ideas mailing list
> Ideas@ietf.org
> https://www.ietf.org/mailman/listinfo/ideas
> 

-- 
Prof. Dr. habil. Michael Menth
University of Tuebingen
Faculty of Science
Department of Computer Science
Chair of Communication Networks
Sand 13, 72076 Tuebingen, Germany
phone: (+49)-7071/29-70505
fax: (+49)-7071/29-5220
mailto:menth@uni-tuebingen.de
http://kn.inf.uni-tuebingen.de

v2.8.7 | Report a Bug | By Email