Re: [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)

Uma Chunduri <uma.chunduri@huawei.com> Thu, 14 September 2017 15:52 UTC

Return-Path: <uma.chunduri@huawei.com>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A572124239; Thu, 14 Sep 2017 08:52:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kgy2BM89thQx; Thu, 14 Sep 2017 08:52:21 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9D9F1326F3; Thu, 14 Sep 2017 08:52:19 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml703-cah.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DVL64266; Thu, 14 Sep 2017 15:52:18 +0000 (GMT)
Received: from SJCEML703-CHM.china.huawei.com (10.208.112.39) by lhreml703-cah.china.huawei.com (10.201.108.44) with Microsoft SMTP Server (TLS) id 14.3.301.0; Thu, 14 Sep 2017 16:52:17 +0100
Received: from SJCEML701-CHM.china.huawei.com ([169.254.3.191]) by SJCEML703-CHM.china.huawei.com ([169.254.5.62]) with mapi id 14.03.0301.000; Thu, 14 Sep 2017 08:52:12 -0700
From: Uma Chunduri <uma.chunduri@huawei.com>
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
CC: Tom Herbert <tom@herbertland.com>, "ideas@ietf.org" <ideas@ietf.org>, "ideas-chairs@ietf.org" <ideas-chairs@ietf.org>, The IESG <iesg@ietf.org>, Alvaro Retana <aretana@cisco.com>
Thread-Topic: [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)
Thread-Index: AQHTKO4TIJF5eaYgTEaCd2CdawdzhaKzw0iA//+MDkCAAOP0gIAAW0lg
Date: Thu, 14 Sep 2017 15:52:12 +0000
Message-ID: <25B4902B1192E84696414485F572685401A5F08D@SJCEML701-CHM.china.huawei.com>
References: <150490809267.17244.96544246533076816.idtracker@ietfa.amsl.com> <CALx6S37_T_+6P0dhciYO7J_xTt_b_s0KYy+wdC=HngOQo8kh1g@mail.gmail.com> <25B4902B1192E84696414485F572685401A5ECBC@SJCEML701-CHM.china.huawei.com> <CAKKJt-f2X674u_PtUsyjAbNAFrePaK84pcNQewdApe6a+uK=yA@mail.gmail.com>
In-Reply-To: <CAKKJt-f2X674u_PtUsyjAbNAFrePaK84pcNQewdApe6a+uK=yA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.212.247.67]
Content-Type: multipart/alternative; boundary="_000_25B4902B1192E84696414485F572685401A5F08DSJCEML701CHMchi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090201.59BAA5B2.00A2, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.3.191, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 526adaf90ae987a7e879d2cd9edabaeb
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/CmK4cfpp_gjW-RQW2rQq3Gj4SdI>
Subject: Re: [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Sep 2017 15:52:23 -0000

Hi Spencer,

Quick response in-line [Uma]:

Thx!
--
Uma C.

From: Ideas [mailto:ideas-bounces@ietf.org] On Behalf Of Spencer Dawkins at IETF
Sent: Wednesday, September 13, 2017 8:17 PM
To: Uma Chunduri <uma.chunduri@huawei.com>
Cc: Tom Herbert <tom@herbertland.com>; ideas@ietf.org; ideas-chairs@ietf.org; The IESG <iesg@ietf.org>; Alvaro Retana <aretana@cisco.com>
Subject: Re: [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)

So, responding to Uma's response to Tom's response to my response to the proposed charter (whew!),

On Wed, Sep 13, 2017 at 3:56 PM, Uma Chunduri <uma.chunduri@huawei.com<mailto:uma.chunduri@huawei.com>> wrote:
        > Is a look at general security implications, in a form that specific
        >framework  usages can point to, on the table for IDEAS?
        Spencer,

        I believe there are two discrete components being championed in IDEAS:
        One is a mapping system of identifier to locators, and the other is the introduction of identity mapping. The former looks much more like a routing or name resolution protocol, and the latter would be doing identity management and possibly collecting PII. There are obviously many security implications to both parts; however, I think the threats and sensitivity between these are quite different, i.e. hacking into the ID/loc mapping database could result in misdirecting packets, while hacking into the identity store may result in loss of users' privacy.

Tom's response to me makes sense.

[Uma]: Tom, you summarized well. I would note there is an interconnected aspect to these 2 items w.r.t. security. Identity AUTH can inherently bring security (and, if needed, privacy) to Identifier/Location mapping and strengthen that area tremendously.
However, Identity privacy itself has to be tackled, and there are existing well-defined mechanisms for that, as discussed earlier on the IDEAS list (the pointer from Diego is a great example).
When we described identity and its uses here https://tools.ietf.org/html/draft-ccm-ideas-identity-use-cases-01#section-7 , we noted the threat analysis aspect in Section 7, and it was reflected in the charter too.

Uma's response to Tom makes sense.

        These seem fundamentally different so security considerations should probably be considered independently of each other.

[Uma]: Different but interdependent on some aspects as mentioned above.

So, what I'm not understanding, is that there are two work items, and only one framework deliverable. Is the intention that the identifier/locator mapping system and the identity mapping system are different enough to have different security considerations, but are so tightly interwoven that neither is usable without the other, or with any other mapping system separately, so it makes sense to lump them into one framework?

[Uma]: AFAICT, one cohesive framework to cover these 2 aspects is a good option. Obviously, solutions are vastly different on how to do Identity privacy and a federated Identifier/location mapping system with Identity services, and those can be taken up in different documents later.


Again, either answer is OK, but if I'm going to ask, now would be the time :-)

[Uma]: Me too, and I would be happy to listen to other opinions. Thanks for the thoughtful comments and follow-up.


Spencer

        Tom

        > (It doesn't have to be, for me to ballot Yes, but I did have to ask,