Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)

Christian Huitema <> Mon, 02 October 2017 16:46 UTC

To: Dino Farinacci <>, "Templin, Fred L" <>
Cc: The IESG <>, "" <>

On 10/2/2017 9:23 AM, Dino Farinacci wrote:
>> So, we see ID/Loc architectures as a useful tool for supporting this
>> safety-of-flight critical ATM service. Should it be noted that there are
>> use cases where mobile node tracking is indeed desirable?
> Note Christian, in LISP you can have ephemeral and crypto EIDs. See draft-ietf-lisp-eid-anonymity-00 and draft-farinacci-lisp-ecdsa-auth-00, respectively, for details.

Dino, I am well aware that we (well, you) *can* engineer ID/LOC networks
to have good privacy properties. But I am also aware that if this is not
an explicit goal in the charter, we may very well end up with
architectures that have pretty bad properties. For example, most ID/LOC
architectures rely on a database that provides the up-to-date LOC for an
ID. In my bad dreams, I could see the database extended to provide other
properties of the ID, such as subscriber ID. Similarly, there was a
proposal some time ago to have a unique IPv6 identifier for every EU
citizen; that bad idea was quashed, but we could easily see something
like that resurface as one unique ID per user. That's why I would like to
see the proposed charter to be crystal clear about privacy requirements,
rather than just say that we will think about it.

Christian Huitema