Re: [Ideas] [E] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)

["Bogineni, Kalyani" <Kalyani.Bogineni@VerizonWireless.com>]

Spencer:

We are supportive of IDEAS charter that includes what is of interest to us: mapping system and
control plane protocols.

Regards,
Kalyani Bogineni
Verizon

From: Spencer Dawkins at IETF [mailto:spencerdawkins.ietf@gmail.com]
Sent: Monday, September 11, 2017 3:17 PM
To: Bogineni, Kalyani
Cc: The IESG; aretana@cisco.com; ideas@ietf.org; ideas-chairs@ietf.org
Subject: Re: [E] [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)

Hi, Kalyani,

On Mon, Sep 11, 2017 at 1:55 PM, Bogineni, Kalyani <Kalyani.Bogineni@verizonwireless.com<mailto:Kalyani.Bogineni@verizonwireless.com>> wrote:
charter-ietf-ideas-00-00: Yes
We support standardizing the mapping system and control plane protocols.

I'm sorry, but I don't understand this as a response to whether security analysis at the framework level is in scope for IDEAS?

Thanks,

Spencer


Kalyani Bogineni
Verizon

-----Original Message-----
From: Ideas [mailto:ideas-bounces@ietf.org<mailto:ideas-bounces@ietf.org>] On Behalf Of Spencer Dawkins
Sent: Friday, September 08, 2017 6:02 PM
To: The IESG
Cc: aretana@cisco.com<mailto:aretana@cisco.com>; ideas@ietf.org<mailto:ideas@ietf.org>; ideas-chairs@ietf.org<mailto:ideas-chairs@ietf.org>
Subject: [E] [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)

Spencer Dawkins has entered the following ballot position for
charter-ietf-ideas-00-00: Yes

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_charter-2Dietf-2Dideas_&d=DwICAg&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=IdiSODh8aDRjdCeGgd9Mzr2tsDA8-g976yWB1sPbdMo&m=4iTQevao0FvmGJ2lQosFV_brUjdjM9g2wGBLFxgT5Fs&s=w6TJbOQo5YtxXCLwzLkvFZmbH9XAyByGSWycK2md3Hs&e=



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

If only "Yes, but ..." was a position I could select ...

I'm really glad to see this going forward - enough to ballot "Yes".

This looks like a framework that could be used in a number of use cases, and my "Yes, but ..." is that it's not clear to me, how much analysis of ID/Loc separation security implications that some folks downstream are going to have to do, when using this framework.

I'm remembering an exchange with a document editor on the last telechat that could be summarized as "we didn't do the work on general security implications of X, so each usage of X has to do that work itself, rather than pointing to previous work". OK, if that's where we are, but IDEAS hasn't already done the same thing (yet).

I'm looking at deliverables like "Requirements for identity authentication and authorization service (for GRIDS)" and "Threat model document", so I know there's SOMEthing in there, but I don't know what else might be required, if someone wanted to think about the general security implications of GRIDS, and I note that those deliverables are listed as living drafts or wiki entries, which doesn't sound like anything GRIDS framework usages would be able to point to, when they need to look at security implications.

Is a look at general security implications, in a form that specific framework usages can point to, on the table for IDEAS?

(It doesn't have to be, for me to ballot Yes, but I did have to ask, right?)


_______________________________________________
Ideas mailing list
Ideas@ietf.org<mailto:Ideas@ietf.org>
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_ideas&d=DwICAg&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=IdiSODh8aDRjdCeGgd9Mzr2tsDA8-g976yWB1sPbdMo&m=4iTQevao0FvmGJ2lQosFV_brUjdjM9g2wGBLFxgT5Fs&s=t9wokY80pZ8u3yVsBlAumHv46uTMT6LWzptTTFlFlys&e=