Re: [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)

Uma Chunduri <uma.chunduri@huawei.com> Wed, 13 September 2017 20:56 UTC

From: Uma Chunduri <uma.chunduri@huawei.com>
To: Tom Herbert <tom@herbertland.com>, Spencer Dawkins <spencerdawkins.ietf@gmail.com>
CC: Alvaro Retana <aretana@cisco.com>, "ideas@ietf.org" <ideas@ietf.org>, "ideas-chairs@ietf.org" <ideas-chairs@ietf.org>, The IESG <iesg@ietf.org>
Thread-Topic: [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)
Thread-Index: AQHTKO4TIJF5eaYgTEaCd2CdawdzhaKzw0iA//+MDkA=
Date: Wed, 13 Sep 2017 20:56:41 +0000
Message-ID: <25B4902B1192E84696414485F572685401A5ECBC@SJCEML701-CHM.china.huawei.com>
References: <150490809267.17244.96544246533076816.idtracker@ietfa.amsl.com> <CALx6S37_T_+6P0dhciYO7J_xTt_b_s0KYy+wdC=HngOQo8kh1g@mail.gmail.com>
In-Reply-To: <CALx6S37_T_+6P0dhciYO7J_xTt_b_s0KYy+wdC=HngOQo8kh1g@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/kZHLuDUqdSBA7SCdNkf8ymZmIjg>
Subject: Re: [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)

	> Is a look at general security implications, in a form that specific
	> framework usages can point to, on the table for IDEAS?
	Spencer,

	I believe there are two discrete components being championed in IDEAS:
	One is the mapping system of identifier to locators and the other is the introduction of identity mapping. The former looks much more like a routing or name resolution protocol, and the latter would be doing identity management and possibly collecting PII. There are obviously many security implications to both parts, however I think the threats and sensitivity between these are quite different, i.e. hacking into the ID/loc mapping database could result in misdirecting packets, hacking into the identity store may result in loss of users' privacy.

[Uma]: Tom, you summarized well. I would note there is an interconnected aspect to these 2 items w.r.t. security. Identity AUTH can inherently bring security (and if needed privacy) to Identifier/Location mapping and strengthen that area tremendously.
However, Identity privacy itself has to be tackled, and there are existing well-defined mechanisms for that as discussed earlier on the IDEAS list (the pointer from Diego is a great example).
When we described identity and its uses here https://tools.ietf.org/html/draft-ccm-ideas-identity-use-cases-01#section-7 , we noted the threat analysis aspect in Section 7, and that was reflected in the charter too.

	These seem fundamentally different so security considerations should probably be considered independently of each other.

[Uma]: Different but interdependent on some aspects as mentioned above.

	Tom

	> (It doesn't have to be, for me to ballot Yes, but I did have to ask,
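The point made above, that compromising an identifier-to-locator mapping store lets an attacker misdirect packets and that authentication bound to the identity can close that hole, is illustrated by the following added example. It is not code from the IDEAS work or from any draft; the store classes, the update message format, the use of a per-identifier HMAC key and the sequence-number replay check are all assumptions chosen for illustration, not a proposed IDEAS mechanism.

```python
"""Added example (not from the IDEAS thread or any draft): an
identifier-to-locator mapping store that only accepts updates
authenticated under a key bound to the identifier. The class names,
message layout and keys are hypothetical."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class MappingEntry:
    locator: str
    seq: int


class UnauthenticatedMappingStore:
    """Trusts any update: whoever can reach the store can redirect traffic."""

    def __init__(self):
        self.table = {}

    def update(self, identifier, locator):
        self.table[identifier] = locator

    def resolve(self, identifier):
        return self.table.get(identifier)


class AuthenticatedMappingStore:
    """Accepts an update for an identifier only if the MAC verifies under the
    key registered for that identifier and the sequence number is strictly
    increasing, so forged and replayed updates are both dropped."""

    def __init__(self):
        self.keys = {}    # identifier -> symmetric key (hypothetical registration step)
        self.table = {}   # identifier -> MappingEntry

    def register(self, identifier, key):
        self.keys[identifier] = key

    @staticmethod
    def _tag(key, identifier, locator, seq):
        msg = f"{identifier}|{locator}|{seq}".encode()
        return hmac.new(key, msg, hashlib.sha256).digest()

    def make_update(self, identifier, key, locator, seq):
        """Client side: build an authenticated (identifier, locator, seq, tag) update."""
        return (identifier, locator, seq, self._tag(key, identifier, locator, seq))

    def update(self, message):
        identifier, locator, seq, tag = message
        key = self.keys.get(identifier)
        if key is None:
            return False  # unknown identifier: nothing to authenticate against
        if not hmac.compare_digest(tag, self._tag(key, identifier, locator, seq)):
            return False  # forged or tampered update
        current = self.table.get(identifier)
        if current is not None and seq <= current.seq:
            return False  # replayed or stale update
        self.table[identifier] = MappingEntry(locator, seq)
        return True

    def resolve(self, identifier):
        entry = self.table.get(identifier)
        return entry.locator if entry else None


def demo():
    """Constructed scenario: one identifier, its legitimate key, and an attacker key."""
    ident = "host-A"
    owner_key = secrets.token_bytes(32)
    attacker_key = secrets.token_bytes(32)

    # Unauthenticated store: the attacker simply overwrites the mapping.
    weak = UnauthenticatedMappingStore()
    weak.update(ident, "2001:db8::1")
    weak.update(ident, "2001:db8::bad")
    misdirected = weak.resolve(ident)

    # Authenticated store: only the key holder can change the mapping.
    strong = AuthenticatedMappingStore()
    strong.register(ident, owner_key)
    legit = strong.make_update(ident, owner_key, "2001:db8::1", 1)
    forged = strong.make_update(ident, attacker_key, "2001:db8::bad", 2)
    accepted_legit = strong.update(legit)
    accepted_forged = strong.update(forged)
    replay_accepted = strong.update(legit)
    return {
        "misdirected": misdirected,
        "accepted_legit": accepted_legit,
        "accepted_forged": accepted_forged,
        "replay_accepted": replay_accepted,
        "resolved": strong.resolve(ident),
    }


if __name__ == "__main__":
    print(demo())
```

The symmetric key stands in for whatever credential the identity layer would bind to an identifier; with an asymmetric scheme the store would hold a public key and verify a signature instead, and the replay check would be unchanged. Note that authenticating updates does nothing for the separate privacy concern raised in the thread: the store still learns which locator each identifier uses.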