Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)

"Joel M. Halpern" <> Wed, 04 October 2017 21:43 UTC

To: Uma Chunduri <>, Stephen Farrell <>, Alexander Clemm <>, "" <>
Cc: "" <>, "" <>, "" <>
From: "Joel M. Halpern" <>
Date: Wed, 4 Oct 2017 17:43:12 -0400

I see different people providing different descriptions of why this is being proposed.
I do not see a clear problem statement.
As such, it is not even clear to me that this is "a" working group.


On 10/4/17 5:26 PM, Uma Chunduri wrote:
> Hi Stephen,
>
> > .. information would be better able to track people compared to now.
>
> This is not about people..
>
> > Regardless of what one thinks of them, given that things like HIP and LISP exist, and try to tackle the ID/LOC split, I see no benefit adding this extra layer of indirection with a privacy invasive "Unique and Permanent" identifier
> > which seems to be the only non-overlapping part of this work - in fact I only see downsides.
>
> This is also to enable security and access restrictions to the new breed of devices on the network (IoT or other mobility nodes). Just because of the fact that they are on the network with an address, they should not be allowed to be accessible.
> Authentication with a trusted IdP would enable establishing the type of device, which then allows group based policies to be enforceable (a V2X node can talk to only the same kind of node, or a particular IoT device can be accessed by only a particular device).
> As discussed earlier in the list, perhaps building this federated system can be looked into in the architecture document.
> I also see you are arguing (unfortunately) against your document, where this can be one more potential mitigation tool w.r.t. device anonymity (apart from encrypt everything/TCPINC - which serves a different and important purpose for content privacy w.r.t. monitoring).
> I don't see a fully functional mapping system without any authentication into the system by the device/node for the mapping. This has always been the case in the cellular world and it seems we are all okay with it, and today it's 80+% of the total traffic.
> It would be great if you can suggest which can meet this objective in a more balanced way...
> --
> Uma C.
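The quoted reply argues that having an address should not by itself grant reachability, and that an IdP-authenticated device type is what group-based policy should key on. The following Python sketch is an added illustration of that access-control model, not code from the thread, the IDEAS work, or any IETF document. It assumes a toy IdP that binds a device id to a device type with an HMAC tag (a real deployment would use signed tokens or certificates), and the device types "v2x", "controller" and "iot-sensor" and the policy table are constructed for the example.

```python
"""Group-based access policy keyed on an authenticated device type.

Constructed example: the IdP here is a toy that tags assertions with an
HMAC over a shared key. The point being illustrated is that the policy
decision uses the verified device type, never the network address alone.
"""
import hashlib
import hmac
from typing import Dict, Optional, Set, Tuple

# Hypothetical IdP key for this example only (constructed, not a real secret).
IDP_KEY = b"constructed-idp-key-for-illustration"

# Constructed group policy: which initiating device type may reach which
# destination device type. Anything not listed is denied by default.
GROUP_POLICY: Dict[str, Set[str]] = {
    "v2x": {"v2x"},                       # V2X nodes talk only to V2X nodes
    "controller": {"iot-sensor", "controller"},  # controllers may reach sensors
    "iot-sensor": set(),                  # sensors never initiate to anyone
}


def idp_issue(device_id: str, device_type: str) -> dict:
    """Toy IdP: bind a device id to a device type and tag the binding."""
    msg = f"{device_id}|{device_type}".encode()
    tag = hmac.new(IDP_KEY, msg, hashlib.sha256).hexdigest()
    return {"device_id": device_id, "device_type": device_type, "tag": tag}


def verify_assertion(assertion: dict) -> Optional[str]:
    """Return the device type if the IdP tag verifies, otherwise None.

    A tampered device_type (or a missing tag) fails here, so an attacker
    cannot pick a more privileged group simply by claiming it.
    """
    msg = f"{assertion.get('device_id', '')}|{assertion.get('device_type', '')}".encode()
    expected = hmac.new(IDP_KEY, msg, hashlib.sha256).hexdigest()
    if hmac.compare_digest(expected, str(assertion.get("tag", ""))):
        return assertion["device_type"]
    return None


def decide(src_assertion: dict, dst_assertion: dict) -> Tuple[bool, str]:
    """Decide whether src may initiate to dst, based on verified types only."""
    src_type = verify_assertion(src_assertion)
    dst_type = verify_assertion(dst_assertion)
    if src_type is None or dst_type is None:
        # Being on the network with an address is not enough: no verified
        # identity, no reachability.
        return False, "unauthenticated"
    if dst_type in GROUP_POLICY.get(src_type, set()):
        return True, f"{src_type}->{dst_type} permitted"
    return False, f"{src_type}->{dst_type} denied by group policy"


if __name__ == "__main__":
    # Constructed devices for a stand-alone run.
    car_a = idp_issue("car-1", "v2x")
    car_b = idp_issue("car-2", "v2x")
    sensor = idp_issue("sensor-7", "iot-sensor")
    controller = idp_issue("ctl-1", "controller")
    tampered = dict(sensor, device_type="controller")  # forged type, stale tag
    for src, dst in [(car_a, car_b), (car_a, sensor), (controller, sensor),
                     (sensor, controller), (tampered, controller)]:
        print(src["device_id"], "->", dst["device_id"], decide(src, dst))
```

The deny-by-default table and the verification step before any lookup are the two properties worth carrying into a real design: a device whose assertion fails verification is treated exactly like an unknown device, regardless of what address it holds.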