IETF Logo Mail Archive

Re: [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)

Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Thu, 14 September 2017 03:16 UTC

Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0A5813263F; Wed, 13 Sep 2017 20:16:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vNVN-R3BIC5Z; Wed, 13 Sep 2017 20:16:51 -0700 (PDT)
Received: from mail-yw0-x22a.google.com (mail-yw0-x22a.google.com [IPv6:2607:f8b0:4002:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C692124F57; Wed, 13 Sep 2017 20:16:51 -0700 (PDT)
Received: by mail-yw0-x22a.google.com with SMTP id r85so4622154ywg.1; Wed, 13 Sep 2017 20:16:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=9iKVyYZBx77Di/SkeFLFvEnBAz1487nMDmegXbJSsSI=; b=pvmO4keCQmcvgyRIKEuMwwWKOihUOTi0hTBl5s2LvN+ORIA57N+RNgdjjMcbwd0dIR jYizwl81sgwb64frmW5xwoaAUoU8ov/sbXBgMrsda0gasASwyBwKXBWEU8S+gYqHcBWi iOGA07gSvzfsoAciA9ewhcj8EcMWmXL11iRRmylK6+OcrfTsYVb79lk2jKQMcdUCgM1R 6dtAchwa6gT/UVYYomkPi3BLbFXjnInxLp1ujlx7bygxSp9fUcdhqAfmOSnmsOoASnze kaRd0dh65E7T3Zdb4kp5lYpyKfSQZ+/rlWEKrqDE4NcUC9NUngHMwFml30nbqNfpMMI4 FPtw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=9iKVyYZBx77Di/SkeFLFvEnBAz1487nMDmegXbJSsSI=; b=J5Uny+z26jBIJCLucFbOKDkpBy54uBgI8NUW6tHCe4/KiuIq4/v9KhTRa2HmFusRXi wWyYwNxlvTRpZ/+//SoudblEhFz0erEa2NsdCeTzjWfP8nn/CmM+58danuOEjVbXtfDR jTLFMoHUs4oRSqf7VbQX1PNVoJ3E4G20ywYpA6DWBnOlaj3zBvYsRPBuj7uqDknMiAw3 P6CbFt04K3+YF03pj90u+tRlgtwZ7RUM4/crin1oxv1YN4TLDhlD7SPG/EgLVudZhhCt sjbAeFL/97/Lgm/tmFIgpEkIrd5D+1lnoleGtr/pm6Gna9LKfV0PWJIoQ/5sbMfKQ/Y9 IFkw==
X-Gm-Message-State: AHPjjUj7X6RvW818MEkree08wbPBT1xMECvHweoQh2pZysiTX7frnNAS YhGsUJ1CCJCRShhw2LTlqhAe81FOKB24jNNBQJw=
X-Google-Smtp-Source: ADKCNb4Jqa4CpDIkMpbwEjmvYAcIb+iuCOHI5mIW6q2LK9KPri046PoE78fE8iqkNGB1fcqZI946bqiEv1cnW7e8ULw=
X-Received: by 10.37.108.86 with SMTP id h83mr15998121ybc.211.1505359010214; Wed, 13 Sep 2017 20:16:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.2.15 with HTTP; Wed, 13 Sep 2017 20:16:49 -0700 (PDT)
In-Reply-To: <25B4902B1192E84696414485F572685401A5ECBC@SJCEML701-CHM.china.huawei.com>
References: <150490809267.17244.96544246533076816.idtracker@ietfa.amsl.com> <CALx6S37_T_+6P0dhciYO7J_xTt_b_s0KYy+wdC=HngOQo8kh1g@mail.gmail.com> <25B4902B1192E84696414485F572685401A5ECBC@SJCEML701-CHM.china.huawei.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Wed, 13 Sep 2017 22:16:49 -0500
Message-ID: <CAKKJt-f2X674u_PtUsyjAbNAFrePaK84pcNQewdApe6a+uK=yA@mail.gmail.com>
To: Uma Chunduri <uma.chunduri@huawei.com>
Cc: Tom Herbert <tom@herbertland.com>, Alvaro Retana <aretana@cisco.com>, "ideas@ietf.org" <ideas@ietf.org>, "ideas-chairs@ietf.org" <ideas-chairs@ietf.org>, The IESG <iesg@ietf.org>
Content-Type: multipart/alternative; boundary="001a1148ac3410382205591db54e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/Po5usH75429l5bYjt2qVNvEhX1c>
Subject: Re: [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Sep 2017 03:16:53 -0000

So, responding to Uma's response to Tom's response to my response to the
proposed charter (whew!),

On Wed, Sep 13, 2017 at 3:56 PM, Uma Chunduri <uma.chunduri@huawei.com>
wrote:

>         > Is a look at general security implications, in a form that
> specific
>         >framework  usages can point to, on the table for IDEAS?
>         >e
>         Spencer,
>
>         I believe there are two discrete components being championed in
> IDEAS:
>         One, is mapping system of identifier to locators and the other is
> introduction of identity mapping. The former looks much more like a routing
> or name resolution protocol, and the later would be doing identity
> management and possible collecting PII. There are obviously many security
> implications to      both parts, however I think the threats and
> sensitivity between these is quite different, i.e. hacking into the ID/loc
> mapping data base could result in misdirecting packets, hacking into
> identity store may result in loss of users' privacy.
>

Tom's response to me makes sense.


> [Uma]: Tom, you summarized well. I would note there is interconnected
> aspect to these 2 items w.r.t security. Identity AUTH can inherently bring
> security (and if needed privacy) to Identifier/Location mapping and
> strengthen that area tremondoesly.
> However, Identity privacy itself has  to be tackled and there are existing
> well defined mechanisms for that as discussed earlier in the IDEAS list
> (pointer from Diego, is a great example).
> When we described identity and it's uses here https://tools.ietf.org/html/
> draft-ccm-ideas-identity-use-cases-01#section-7 , we noted threat
> analysis aspect in Section 7 and was reflected in charter too.
>

Uma's response to Tom makes sense.


>         These seem fundamentally different so security considerations
> should probably be considered independently of each other.
>
> [Uma]: Different but interdependent on some aspects as mentioned above.
>

So, what I'm not understanding, is that there are two work items, and only
one framework deliverable. Is the intention that the identifier/locator
mapping system and the identity mapping system are different enough to have
different security considerations, but are so tightly interwoven that
neither is usable without the other, or with any other mapping system
separately, so it makes sense to lump them into one framework?

Again, either answer is OK, but if I'm going to ask, now would be the time
:-)

Spencer

        Tom
>
>         > (It doesn't have to be, for me to ballot Yes, but I did have to
> ask,
>

v2.23.0 | Report a Bug | By Email