Re: [Ideas] [lisp] WG Review: IDentity Enabled Networks (ideas)
Padma Pillay-Esnault <padma.ietf@gmail.com> Wed, 11 October 2017 17:32 UTC
From: Padma Pillay-Esnault <padma.ietf@gmail.com>
Date: Wed, 11 Oct 2017 10:32:44 -0700
Message-ID: <CAG-CQxrdS9L+2+bN=1NcPGuztn4U4OwSWUiNaVcS9Bsm2mtpfA@mail.gmail.com>
To: Christian Huitema <huitema@huitema.net>
Cc: Robert Moskowitz <rgm-ietf@htt-consult.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>, Dino Farinacci <farinacci@gmail.com>, "ideas@ietf.org" <ideas@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "lisp@ietf.org list" <lisp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/EFzO453LFeJlBW6WUSxCQruRztY>

On Wed, Oct 11, 2017 at 9:15 AM, Christian Huitema <huitema@huitema.net> wrote:

> On 10/11/2017 7:56 AM, Robert Moskowitz wrote:
>
> and 'identity' is a red flag.
>
> Whoa there! You were part of the Namespace Research Group? I think? I
> was and we worked a lot on this and came to the conclusion that there
> could be no conclusion. Not even a rough consensus, it seemed.
>
> I have been using 'identity' to apply to things for 20 years. Pretty much
> ever since I started working with things. Anyone that holds the position
> that 'identity' means we are talking only about people are allowing their
> thinking to be clouded.
>
> I am concerned that the current proponents of the IDEAS work are mainly
> resisting the feedback, treating it as some roadblock put in the path of
> their work by misguided privacy purists, and attempting to remove the
> roadblocks by adding some weasel words to the charter. I would feel much
> more confident if these proponents acknowledged the tension between privacy
> and stable identifiers of any sort, if that tension was clearly noted in
> the charter, and if privacy goals were clearly stated.
>

As one of the proponents, I feel I need to speak up because blanket statements are just not helping. Speaking on behalf of my fellow proponents, we have always welcomed constructive feedback from people who want/can contribute and make the technology better. We have been willing to clarify the charter (clarification does not mean weaseling). If it is helpful to move forward, I am willing to volunteer for this work and discuss with anyone to ensure constructive feedback and comments are addressed.

> Specifically, I think there is a contradiction between some of the documents.
> For example, draft-padma-ideas-problem-statement-01 states that:
>
>    o  A single entity may have multiple IDs, and IDs of the same entity
>       may have different life spans that are different from the lifespan
>       of the entity. Furthermore, it is understood that IDs may have
>       different lifecycles, which may be permanent or ephemeral by
>       choice or design.
>
>    o  Ephemeral (temporary) IDs may be used as a short-lived pseudonym
>       for a permanent ID to protect the privacy of the related entity.
>
> But then, draft-ccm-ideas-identity-use-cases-01 states that:
>
>    a. Unique and Permanent Identity representing the entity enables
>       authentication (AUTH) with the mapping and Identity services
>       infrastructure. While it is possible to do AUTH on Identifiers
>       those are not permanently associated to the entity. Moreover,
>       AUTH operation is a relatively an expensive and inefficient
>       procedure (compared to LOC resolution for example) and can cause
>       excessive startup delays for lot of applications.
>

As said earlier this draft was not updated by the authors and a new version was posted yesterday.
https://www.ietf.org/mail-archive/web/ideas/current/msg00520.html

> The tension is obvious. On one hand, the ephemeral identifiers envisaged
> in the problem statement would pretty much align the privacy properties of
> the ID to those of IPv6 privacy addresses, and that's good. On the other
> hand, the requirement to perform authentication on identities completely
> negates that property.
>
> I would be fine if the support for "Unique and Permanent Identity" was
> explicitly excluded from the charter.
>

AFAIK, none of the proponents resisted that.

> There is obviously a need to support some form of access control to a
> mapping database,
>

Agreed.

> but you do not need a reference to a permanent identity for that --
> systems similar to CGA would work just fine.
>

The identity of the device is just adding a lever of identifier which effectively allows authentication to modify the identifiers used by that device but also what the users of these identifiers can look up.

If we had used "user of identifier" it would have been misconstrued for humans. So damn if you do and damn if you don't ...

We are open for discussions anytime.

Padma

> --
> Christian Huitema