Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)

Joel Halpern Direct <jmh.direct@joelhalpern.com> Thu, 05 October 2017 01:41 UTC

Return-Path: <jmh.direct@joelhalpern.com>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9078F13450B; Wed, 4 Oct 2017 18:41:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.321
X-Spam-Level:
X-Spam-Status: No, score=-1.321 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uNvuTgp_DNOh; Wed, 4 Oct 2017 18:41:32 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3627133071; Wed, 4 Oct 2017 18:40:57 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id DE74846DC89; Wed, 4 Oct 2017 18:40:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1507167657; bh=PnWUxg7gUSRZeoK0HuoihMezRJs3RAJ+jFYwSBdrUmk=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=nWnHWTla3kFusWPIWY2vevPFyMf38H/8BOTJimo59K/mNd3Q2MF94g5OfT6WLLl+s vacPmQOW3FAEzBi3h2Obm3oMWaLXDm29f7lGBSwB2p6LlblEi9H2bEt+qah/2kxuXk nYfiAnOjbebb2sdzALv82MZR7ze5iiCsQMoze800=
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from Joels-MacBook-Pro.local (unknown [50.225.209.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 1049A467F1B; Wed, 4 Oct 2017 18:40:56 -0700 (PDT)
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Uma Chunduri <uma.chunduri@huawei.com>, "ideas@ietf.org" <ideas@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
References: <150670160872.14128.2758037992338326085.idtracker@ietfa.amsl.com> <778d5504-ba4f-d418-7b20-356353bb0fb2@cs.tcd.ie> <D7D4AEE9-3BD0-4C8F-BCC6-7185AF7D37BA@netapp.com> <9C663B18-21CC-4A16-8B26-7994B12B1DC5@piuha.net> <25B4902B1192E84696414485F572685401A872DE@SJCEML701-CHM.china.huawei.com> <33f100a0-5114-269c-adb4-5db6edb1fd4d@joelhalpern.com> <20171005013730.GC96685@kduck.kaduk.org>
From: Joel Halpern Direct <jmh.direct@joelhalpern.com>
Message-ID: <55bf5ae5-848a-ba81-f76b-14aaefdad2bf@joelhalpern.com>
Date: Wed, 4 Oct 2017 21:40:54 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <20171005013730.GC96685@kduck.kaduk.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/3t3iceFrbq6yCLDZ_3dX3OG6XfQ>
Subject: Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Oct 2017 01:41:34 -0000

Yes, authentication is necessary to modify the entries.  (Whether one 
should be authenticated before reading varies from case to case.)

But authentication does not require a separate identity.  Exactly what 
it requires depends upon how the system is constructed.

Uma was arguing that they need an identity.  I am arguing that such a 
thing is counter-productive.

Yours,
Joel

On 10/4/17 9:37 PM, Benjamin Kaduk wrote:
> On Wed, Oct 04, 2017 at 09:35:38PM -0400, Joel M. Halpern wrote:
>> Uma,
>>       It simply does not follow that you need an identity in order to be
>> able to update the mapping system.  You do need authentication.
>>        If you use DNS, then mechanissm such as the authentication used
>> with dynamic DNS suffice.
>>        If you use LISP, then the keying associated with the delegation of
>> the identifier works.
>>        If you use MobileIP, then you need the authentication with your
>> home register.
>>
>>       There is no need for any special Identity.
> 
> My reading of the claim was that authentication is needed in order to
> change the actual map itself, which does seem like a true statement,
> in general.  Authentication is not necessarily needed just to consume
> the map.
> 
> -Ben
>