Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)

Padmadevi Pillay Esnault <padma@huawei.com> Wed, 04 October 2017 21:39 UTC

Return-Path: <padma@huawei.com>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07C6C1344C9; Wed, 4 Oct 2017 14:39:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ygyo-knJuwgM; Wed, 4 Oct 2017 14:39:15 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3EE9133073; Wed, 4 Oct 2017 14:39:14 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml706-cah.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DPX48072; Wed, 04 Oct 2017 21:39:12 +0000 (GMT)
Received: from SJCEML703-CHM.china.huawei.com (10.208.112.39) by lhreml706-cah.china.huawei.com (10.201.108.47) with Microsoft SMTP Server (TLS) id 14.3.301.0; Wed, 4 Oct 2017 22:39:11 +0100
Received: from SJCEML701-CHM.china.huawei.com ([169.254.3.215]) by SJCEML703-CHM.china.huawei.com ([169.254.5.15]) with mapi id 14.03.0301.000; Wed, 4 Oct 2017 14:39:04 -0700
From: Padmadevi Pillay Esnault <padma@huawei.com>
To: Tom Herbert <tom@herbertland.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: "ideas@ietf.org" <ideas@ietf.org>, Phillip Hallam-Baker <phill@hallambaker.com>, IETF-Discussion <ietf@ietf.org>
Thread-Topic: [Ideas] WG Review: IDentity Enabled Networks (ideas)
Thread-Index: AQHTOT3ymgzcYyPwiEG9DUxoovk7IqLMpU0AgAefuICAABZvAIAABMOAgAAJFYD//8wzkA==
Date: Wed, 04 Oct 2017 21:39:03 +0000
Message-ID: <EC7A99B9A59C1B4695037EEB5036666B02744B6F@SJCEML701-CHM.china.huawei.com>
References: <150670160872.14128.2758037992338326085.idtracker@ietfa.amsl.com> <778d5504-ba4f-d418-7b20-356353bb0fb2@cs.tcd.ie> <CAMm+Lwg61PGrcmu=-e8ciD6Q+XmEaWWDys4g2M657VOjWmaGcg@mail.gmail.com> <CALx6S370-TuoUicWep5vV2NjLPS4d-HP1qVxW_nGrxhBLw6Eug@mail.gmail.com> <8kd5pq.oxb4pv.rtlo8t-qmf@mercury.scss.tcd.ie> <CALx6S36-24VWt==yCwE_u+52fehuGA2w-anDv95Oy6hw1vTzPw@mail.gmail.com>
In-Reply-To: <CALx6S36-24VWt==yCwE_u+52fehuGA2w-anDv95Oy6hw1vTzPw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.213.48.212]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020203.59D55501.0057, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.3.215, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: ffc79e8c6a44093f62df7a0f42f4cdce
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/5yZDxnPA4ciojDGelOr9YO2aY2g>
Subject: Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Oct 2017 21:39:18 -0000

Thank you for voicing your concerns 
"on the basis that it enables and seemingly encourages embedding  identifiers for humans as addresses"

This is not the objective or in the charter of this wg as you point out this would be against the policy.
Perhaps this can be made clearer in the charter - this is about machines and processes.

"If the work precluded the use of any identifiers that strongly map  to humans then I'd be ok with it being done as it'd then only be a waste of resources."

Well it really depends in which context this work is being used.
Looking at some of the postings, it seems that adding more context on the problem space would help to bring more clarity on the charter.

Padma 

> > -----Original Message-----
> > From: Ideas [mailto:ideas-bounces@ietf.org] On Behalf Of Eggert, 
> > Lars
> > Sent: Wednesday, October 04, 2017 12:13 PM
> > To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
> > Cc: ideas@ietf.org; ietf@ietf.org
> > Subject: Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)
> >
> > On 2017-9-29, at 11:31, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> > > As currently described, I oppose creation of this working group
> >
> > +1, for the reasons below
> >
> > Lars
> >
> > > on the basis that it enables and seemingly encourages embedding 
> > > identifiers for humans as addresses. Doing so would have 
> > > significant privacy downsides, would enable new methods for 
> > > censorship and discrimination, and could be very hard to mitigate 
> > > should one wish to help protect people's privacy, as I think is current IETF policy.
> > >
> > > If the work precluded the use of any identifiers that strongly map 
> > > to humans then I'd be ok with it being done as it'd then only be a 
> > > waste of resources. But I don't know how that could be enforced so 
> > > I think it'd be better to just not do this work at all.

-----Original Message-----
From: Ideas [mailto:ideas-bounces@ietf.org] On Behalf Of Tom Herbert
Sent: Wednesday, October 04, 2017 10:07 AM
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: ideas@ietf.org; Phillip Hallam-Baker <phill@hallambaker.com>; IETF-Discussion <ietf@ietf.org>
Subject: Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)

On Wed, Oct 4, 2017 at 9:34 AM,  <stephen.farrell@cs.tcd.ie> wrote:
>
>
> On Wednesday, 4 October 2017, Tom Herbert wrote:
>> On Wed, Oct 4, 2017 at 7:57 AM, Phillip Hallam-Baker 
>> <phill@hallambaker.com> wrote:
>> > On Fri, Sep 29, 2017 at 2:31 PM, Stephen Farrell 
>> > <stephen.farrell@cs.tcd.ie>
>> > wrote:
>> >>
>> >>
>> >> As currently described, I oppose creation of this working group on 
>> >> the basis that it enables and seemingly encourages embedding 
>> >> identifiers for humans as addresses. Doing so would have 
>> >> significant privacy downsides, would enable new methods for 
>> >> censorship and discrimination, and could be very hard to mitigate 
>> >> should one wish to help protect people's privacy, as I think is 
>> >> current IETF policy.
>> >>
>> >> If the work precluded the use of any identifiers that strongly map 
>> >> to humans then I'd be ok with it being done as it'd then only be a 
>> >> waste of resources. But I don't know how that could be enforced so 
>> >> I think it'd be better to just not do this work at all.
>> >>
>> >> S.
>> >
>> >
>> > +1
>> >
>> > I know how to restrict the work to 'meaningless' identifiers, 
>> > require that the identifiers be the output of a cryptographic algorithm.
>> >
>> > Now strictly speaking, this only limits scope to identifiers that 
>> > are indexical as opposed to rendering them meaningless but I think 
>> > that was the sense of it.
>> >
>> >
>> > Nöth proposed a trichotemy of identifiers as follows
>> >
>> > * Identity, the signifier is the signified (e.g. data: URI)
>> >
>> > * Indexical, the signifier is related to the signified by a 
>> > systematic relationship, (e.g. ni URIs, SHA256Data), PGP 
>> > fingerprints etc.)
>> >
>> > * Names,  the signifier is the related to the signified by a purely 
>> > conventional relationship, (e.g. example.com to its owner)
>> >
>> >
>> > There is a big difference between attempting to manage indexical 
>> > signifiers and names. Especially when the people trying to do so 
>> > refuse to read any of the literature on semiotics.
>> >
>> > Names are problematic because the only way that a conventional 
>> > relationship can be implemented is through some sort of 
>> > registration infrastructure and we already have one of those and 
>> > the industry that manages it has a marketcap in the tens of billions.
>> >
>> > Identifiers do lead to tractable solutions. But, this proposal 
>> > looks a bit unfocused for IRTF consideration, an IETF WG? Really?
>> >
>> Identifiers are equivalent to addresses in that they indicate a node 
>> in the network for the purposes of end to end communications. The 
>> only difference between identifiers and addresses is that identifiers 
>> are not topological. Virtual addresses in network virtualization are 
>> also identifiers. So the security properties are the same when 
>> considering privacy. For instance, if applications use temporary 
>> addresses for privacy, it would have equivalent properties using 
>> temporary identifiers. In fact from the application POV this would be 
>> transparent. It could get a pool of apparently random addresses to 
>> choose from as source of communication, it shouldn't know or even 
>> care if the addresses are identifiers.
>>
>> Identity is a completely separate concept from identifiers. Is not 
>> required in any of the identifier/locator protocols and AFAIK none of 
>> them even mention the term. There is no association of an identity of 
>> user behind and identifier any more than there is an association of 
>> identity behind IP address. The fact that the words "identifier" and 
>> "identity" share a common prefix is an unfortunate happenstance :-).
>
>
> Yes. But doesn't that mean either the name of this effort is wildly misleading or else the effort is hugely problematic from a privacy POV? Either way, istm this ought not proceed.
>
Stephen,

There are two distinct efforts represented in IDEAS. One is a developing a common identifier/locator mapping system and the other is identity management. IMO the first is much more tangible and it's clear this is needed given the emergence of id/loc use in data center, mobile networks, as well as network virtualization. The identity effort is less clear in terms of feasibility, privacy, and benefits-- there might be something there, but honestly it looks much more like a research project to me at this point.

Tom

_______________________________________________
Ideas mailing list
Ideas@ietf.org
https://www.ietf.org/mailman/listinfo/ideas