Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)

Uma Chunduri <uma.chunduri@huawei.com> Wed, 04 October 2017 21:26 UTC

From: Uma Chunduri <uma.chunduri@huawei.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Alexander Clemm <alexander.clemm@huawei.com>, "tom@herbertland.com" <tom@herbertland.com>
CC: "ideas@ietf.org" <ideas@ietf.org>, "phill@hallambaker.com" <phill@hallambaker.com>, "ietf@ietf.org" <ietf@ietf.org>
Thread-Topic: [Ideas] WG Review: IDentity Enabled Networks (ideas)
Thread-Index: AQHTOT4HqNfbNA2TZ0OR3IdlIasmsqLMpUwAgAefuYCAABZuAIAABMSAgAAlQ4CAAA/0gP//oBpQ
Date: Wed, 4 Oct 2017 21:26:05 +0000
Message-ID: <25B4902B1192E84696414485F572685401A871BB@SJCEML701-CHM.china.huawei.com>
References: <150670160872.14128.2758037992338326085.idtracker@ietfa.amsl.com> <778d5504-ba4f-d418-7b20-356353bb0fb2@cs.tcd.ie> <CAMm+Lwg61PGrcmu=-e8ciD6Q+XmEaWWDys4g2M657VOjWmaGcg@mail.gmail.com> <CALx6S370-TuoUicWep5vV2NjLPS4d-HP1qVxW_nGrxhBLw6Eug@mail.gmail.com> <8kd5pq.oxb4pv.rtlo8t-qmf@mercury.scss.tcd.ie> <644DA50AFA8C314EA9BDDAC83BD38A2E0EAA7204@sjceml521-mbx.china.huawei.com> <dd2c3bd5-dd37-109b-2e81-0327db4daa09@cs.tcd.ie>
In-Reply-To: <dd2c3bd5-dd37-109b-2e81-0327db4daa09@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/rWKgBiP2ERFj65u1d3DRtvlZB64>
Subject: Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>

Hi Stephen,

> .. information would be better able to track people compared to now.

This is not about people..

> Regardless of what one thinks of them, given that things like HIP and LISP exist, and try tackle the ID/LOC split, I see no benefit adding this extra layer of indirection with a privacy invasive "Unique and Permanent" identifier
> which seems to be the only non-overlapping part of this work - in fact I only see downsides.

FWIW,
This is also to enable security and access restrictions for the new breed of devices on the network (IoT or other mobility nodes). Just because they are on the network with an address, they should not automatically be accessible.
Authentication with a trusted IdP would enable establishing the type of device, which then allows group-based policies to be enforced (a V2X node can talk only to the same kind of node, or a particular IoT device can be accessed only by a particular device).
As discussed earlier on the list, perhaps https://tools.ietf.org/wg/abfab/ can be looked into to build this federated system in the architecture document.
I also see you are (unfortunately) arguing against your https://tools.ietf.org/html/rfc7258 document, where this can be one more potential mitigation tool w.r.t. device anonymity (apart from encrypt-everything/TCPINC, which serves a different and important purpose for content privacy w.r.t. monitoring).

I don't see a fully functional mapping system without any authentication into the system by the device/node for the mapping. This has always been the case in the cellular world, and it seems we are all okay with it, and today it's 80+% of the total traffic.
It would be great if you could suggest something which can meet this objective in a more balanced way...

--
Uma C.