IETF Logo Mail Archive

Re: [Ideas] Your Input requested: Charter Proposal New Version

"Diego R. Lopez" <diego.r.lopez@telefonica.com> Wed, 09 August 2017 22:58 UTC

Return-Path: <diego.r.lopez@telefonica.com>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BC62126CD8 for <ideas@ietfa.amsl.com>; Wed, 9 Aug 2017 15:58:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.911
X-Spam-Level:
X-Spam-Status: No, score=-2.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WnDYjico3ONG for <ideas@ietfa.amsl.com>; Wed, 9 Aug 2017 15:58:12 -0700 (PDT)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20123.outbound.protection.outlook.com [40.107.2.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2CCB1204DA for <ideas@ietf.org>; Wed, 9 Aug 2017 15:58:11 -0700 (PDT)
Received: from DB6PR0601MB2167.eurprd06.prod.outlook.com (10.168.57.26) by DB6PR0601MB2168.eurprd06.prod.outlook.com (10.168.57.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1320.16; Wed, 9 Aug 2017 22:58:08 +0000
Received: from DB6PR0601MB2167.eurprd06.prod.outlook.com ([fe80::25:7eac:7ccc:f78d]) by DB6PR0601MB2167.eurprd06.prod.outlook.com ([fe80::25:7eac:7ccc:f78d%13]) with mapi id 15.01.1320.019; Wed, 9 Aug 2017 22:58:08 +0000
From: "Diego R. Lopez" <diego.r.lopez@telefonica.com>
To: Uma Chunduri <uma.chunduri@huawei.com>, Tom Herbert <tom@herbertland.com>, Padma Pillay-Esnault <padma.ietf@gmail.com>
CC: "ideas@ietf.org" <ideas@ietf.org>
Thread-Topic: [Ideas] Your Input requested: Charter Proposal New Version
Thread-Index: AQHTDzzf0VnU7X7NZEetTe3DcOc6BqJ5A6EAgAArHICAA3DqAIAAKVSA
Date: Wed, 09 Aug 2017 22:58:08 +0000
Message-ID: <16A0829F-78E9-4E8C-B719-B25431603939@telefonica.com>
References: <CAG-CQxpxDXxLXdu0a2GdBRfTFLM_C+jqCz58HoNim52C7Yzr8g@mail.gmail.com> <CALx6S34hbV5D84RZQ1+V3zFz+VNeJsDn0rsr-PN6Wg4b1gdSpA@mail.gmail.com> <83622B5F-A2D0-40A4-BD75-BC6222754059@telefonica.com> <25B4902B1192E84696414485F572685401A3A234@SJCEML703-CHM.china.huawei.com>
In-Reply-To: <25B4902B1192E84696414485F572685401A3A234@SJCEML703-CHM.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.21.0.170403
authentication-results: spf=none (sender IP is ) smtp.mailfrom=diego.r.lopez@telefonica.com;
x-originating-ip: [83.49.234.105]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB6PR0601MB2168; 6:JAceZtg2QfgiMQ2kL0P5ZVxp8SsOFEiX1Nj4lnO43+x563M5BxnQSWPF4sW/KhDE9UMPNUSuF1B6mj8cblvZuVtCn2ISXXW2S6pGbcyP6eeG8Rym2cKV25S5GD0rH7tJ+zqiNYG/tyyR2fCYMmjiPD1SC+IxnisNf9WoTpjP+p0EmUIJHtRRb7JRYoqtzBZx0KIDUyUjLqZE5UHcndg3930usdlpneCPsfTH8rFtWA/Q84bFfwxB9iZRIzTECdD8jhtCoWHRs58RUEmI/bo+tD660V4AiX/Ap7n6oI3OWqTmfCzHM3+xb4g9+pwmVYWwaryQHeqe9KUsLLImpjDSkQ==; 5:DxEBBr5RTV5H9JQYUc1HUBvLTi0tl30wI+higJOClgQ1hO2Zkww78I/WlzkY6bSnZMEHg2ha0TgSEF4Lmxs0qM5hQADmhMdDCq26PP8bAg8neqAdAfsCtpGf+BPeaN+Qaa/brWD2vPZmYb6CU/fsJg==; 24:VRNyt9OQu4gCAtYJ+3CljzrlUOT9uBNF3eOuS2FvFbNtKjYUY2RmCQ4MHihwuMx0q1ku+adgdmY+X5/h8fh8+70yFRW50nic/bT3LoY1Exs=; 7:6XtDrSySo+NHGKVY/2TPpv0ZPkXqDsIo2gsPvYVOEnwUd3Jq/1U0y3woGJ7fimFnAHNaQNHA071dijUh4dROsLvVXi4NLDMij0svlj1vDGWBG0+IzSFwcx5je6qXZoWKOEYFVy4KMryf+dn1b2v3R7cQKV3TWIpMsCAzJqFY1lhEUhxNKAmzZlkPqzvvDG4A8Q2r/xL+qxdoVulSdjE5vMvZwXJZOrGeySUL452v0Q8=
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 0c473f12-c765-4d1c-0aee-08d4df7a1a23
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(300000502095)(300135100095)(22001)(2017030254152)(48565401081)(300000503095)(300135400095)(2017052603031)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:DB6PR0601MB2168;
x-ms-traffictypediagnostic: DB6PR0601MB2168:
x-exchange-antispam-report-test: UriScan:(40392960112811)(40368554214317)(192374486261705)(50582790962513);
x-microsoft-antispam-prvs: <DB6PR0601MB216822609A1E9C2F0557E08FDF8B0@DB6PR0601MB2168.eurprd06.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(920513011)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(10201501046)(3002001)(93006095)(93001095)(6055026)(6041248)(20161123564025)(20161123558100)(201703131423075)(201702281529075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123562025)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB6PR0601MB2168; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB6PR0601MB2168;
x-forefront-prvs: 0394259C80
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39450400003)(39840400002)(39400400002)(39850400002)(39410400002)(39860400002)(25724002)(199003)(189002)(252514010)(40134004)(51914003)(24454002)(6512007)(99286003)(6116002)(3846002)(102836003)(86362001)(101416001)(6506006)(966005)(93886004)(4326008)(33656002)(82746002)(6306002)(25786009)(6436002)(2950100002)(53936002)(6246003)(229853002)(2900100001)(36756003)(6486002)(38730400002)(39060400002)(189998001)(3280700002)(3660700001)(8936002)(2906002)(68736007)(83506001)(97736004)(83716003)(5660300001)(5250100002)(478600001)(106356001)(305945005)(7736002)(105586002)(14454004)(4001350100001)(81156014)(53546010)(81166006)(8676002)(50986999)(54356999)(66066001)(76176999)(437600001)(87944003); DIR:OUT; SFP:1102; SCL:1; SRVR:DB6PR0601MB2168; H:DB6PR0601MB2167.eurprd06.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: telefonica.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <AFB61D6156A5B9408643BB1D3DF3404B@eurprd06.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: telefonica.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Aug 2017 22:58:08.2439 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9744600e-3e04-492e-baa1-25ec245c6f10
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0601MB2168
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/Rwz6ltU3mvilbf7gdXAYGSMTLr8>
Subject: Re: [Ideas] Your Input requested: Charter Proposal New Version
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Aug 2017 22:58:16 -0000

Hi Uma,

On 10/8/2017, 24:30 , "Uma Chunduri" <uma.chunduri@huawei.com> wrote:

        > - in addition, introduce the concept of identity-identifier split and new
        > mechanisms that let endpoints dynamically change identifiers. These new
        > functionalities may, for example, facilitate anonymity through obscurity
        > while preventing security issues that might result from abuse, ensuring that
        > information about actual endpoints and their location is revealed only on a
        > need-to-know basis.
        >
        Padma,

        I don't think this goes far enough in terms of protections for users
        against the potential abuse of something that might be able to
        individually and persistently identify them on the Internet. First,
        it's not clear what network layer identity means in this context. I
        hope it refers to an ad hoc collection of identifiers as opposed to
        the identity of individual users or devices. In any case maybe a
        definition of identity might be in order here. Secondly, I think it
        should be stated up front that identity cannot in any way be used to
        identify individual users, it cannot be used to create a global
        database of Internet users, in no way can it be used by networks or
        governments to track or block individuals, nor can it ever be required
        for communications. That implies network layer identities cannot
        contain PII (personally identifiable information) and cannot be
        permanently assigned to users or devices (in the same spirit that
        Ethernet addresses were removed from IIDs because of privacy
        concerns).

        Thanks,
        Tom

    When it comes to these concerns I’d strongly recommend to have a look at how identity attributes were exchanged and trust established within the ABFAB framework (https://tools.ietf.org/wg/abfab/)

    [Uma]: Though  this is not about SSOs or application stuff, thanks for the pointer.
                    I always believed EAP has a role to play for IDy auth procedures and lot of concerns brought out here (especially related to Identity-privacy) are effectively taken care with existing mechanisms.

ABFAB was not about SSO, but about using user identities to allow their access to network services while protecting user privacy. And among those services you could consider any kind of application or connectivity service…

Be goode,

--
"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
http://people.tid.es/diego.lopez/

e-mail: diego.r.lopez@telefonica.com
Tel:        +34 913 129 041
Mobile: +34 682 051 091
-----------------------------------




________________________________

Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição

v2.23.0 | Report a Bug | By Email