Re: [Ideas] [lisp] WG Review: IDentity Enabled Networks (ideas)

Dino Farinacci <farinacci@gmail.com> Wed, 11 October 2017 19:39 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D387C124239; Wed, 11 Oct 2017 12:39:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GBanYIrteCIL; Wed, 11 Oct 2017 12:39:19 -0700 (PDT)
Received: from mail-pf0-x243.google.com (mail-pf0-x243.google.com [IPv6:2607:f8b0:400e:c00::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBCE91342D6; Wed, 11 Oct 2017 12:39:18 -0700 (PDT)
Received: by mail-pf0-x243.google.com with SMTP id h28so3118444pfh.5; Wed, 11 Oct 2017 12:39:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=Y3St2vojiMxDh3g/qp72u+d4nT9sShZsbDYQSvrcRAc=; b=sMcoSSqi0n4MC8QyBTQymYi/1NkTJhupE9TKu+J2Hwg6dmUSfmU4mx+AvX9vg87HOa LV7v+1+UuSwrTapCQSfJU6WTjYemXNPR8PqUaUxnk4lpFhzpxXZB1O0v/7MkkJia/JdU 6hHU7w+/Ti2Iq5/zxaEPCBTzMPcl7DctbpMEt3f69JCqFGwJI3CQsnNcD6bh3o8N5ZQW 2Sb2aHP3D6hB4LetJpTK7/E1yDh8FWhg1KHXkocH3FOtjuYJAtdtwlxu4ii3BFMlmO75 0lCvYn+8ZMLG1S+xDxuiTLkl0fZyyyPN4g4MEWvaHSN+oNMt/3KnTlHeYyqB6NxUlHHR FX2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=Y3St2vojiMxDh3g/qp72u+d4nT9sShZsbDYQSvrcRAc=; b=sGMn4V6f4TG/7phwbxIAwNMDbxubsrH4NJY6qSmU8/3RL76NJ+iw+irYYmfn6lZCWW /eVmZ0IEhYzlDs9gGP8+Q008vBP6FjLMYeeYpS9bIblww9OQksfj5iyYzh9+iUGt9/Ny 3uxObdmQ/nwkSXlLUPXZOXmRgpzPgaa8eOXMOmY6ffS1dRn30Kvg7LPE2U5POBe3xMhS VfGRhs4LPqmViy7YriDUn2rLEnmZVg8JYe9YgfuM6/PDVj60j2kEyc7Vx3nV8zWnGtHn JdLdD9Q/S7fPoXNOTCEDnhW9a8XJwqBCSdKGJ5WPLa6IwGnTbamYAvyOrMnm1araM0cq doWA==
X-Gm-Message-State: AMCzsaV6citwVnaC2+JzhFAiSSTfN2CibxThR3Uslaz3Ff7aAL9M2tIT oYTHZ0IpVUoSwx9APHpy8xcmd/pm
X-Google-Smtp-Source: AOwi7QBbdbywYyDlopdurCmIct7gKuaY16Q3vdYaekWaU09zTvqQm00xqunS13Y7Ux4EJ7Z+2xgtAw==
X-Received: by 10.84.150.101 with SMTP id g92mr99450plg.168.1507750758254; Wed, 11 Oct 2017 12:39:18 -0700 (PDT)
Received: from [10.197.31.157] (173-11-119-245-SFBA.hfc.comcastbusiness.net. [173.11.119.245]) by smtp.gmail.com with ESMTPSA id s3sm15070525pfk.7.2017.10.11.12.39.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 11 Oct 2017 12:39:17 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <b18459d1-7ce1-b83d-787d-9066267d584b@huitema.net>
Date: Wed, 11 Oct 2017 12:39:16 -0700
Cc: Padma Pillay-Esnault <padma.ietf@gmail.com>, "ideas@ietf.org" <ideas@ietf.org>, "lisp@ietf.org list" <lisp@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <17BE9E1D-120B-4508-B765-3799134FD708@gmail.com>
References: <150670160872.14128.2758037992338326085.idtracker@ietfa.amsl.com> <778d5504-ba4f-d418-7b20-356353bb0fb2@cs.tcd.ie> <CAMm+Lwg61PGrcmu=-e8ciD6Q+XmEaWWDys4g2M657VOjWmaGcg@mail.gmail.com> <CALx6S370-TuoUicWep5vV2NjLPS4d-HP1qVxW_nGrxhBLw6Eug@mail.gmail.com> <8kd5pq.oxb4pv.rtlo8t-qmf@mercury.scss.tcd.ie> <644DA50AFA8C314EA9BDDAC83BD38A2E0EAA7204@sjceml521-mbx.china.huawei.com> <dd2c3bd5-dd37-109b-2e81-0327db4daa09@cs.tcd.ie> <0BA14206-DC82-49EF-A625-B2425FA396F6@gmail.com> <1f254140-1340-6c7d-9c73-e7137562c685@gmail.com> <fa644cc2-161f-8884-3445-2b50d2c2ad23@htt-consult.com> <cf2ca920-f2d2-b65e-05eb-ebe3c30b76d1@huitema.net> <CAG-CQxrdS9L+2+bN=1NcPGuztn4U4OwSWUiNaVcS9Bsm2mtpfA@mail.gmail.com> <b18459d1-7ce1-b83d-787d-9066267d584b@huitema.net>
To: Christian Huitema <huitema@huitema.net>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/tkjBA1xwdn5mSf10sVL8BwaHXAk>
Subject: Re: [Ideas] [lisp] WG Review: IDentity Enabled Networks (ideas)
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Oct 2017 19:39:21 -0000

Let me ask for your opinion Christian (or anyone else for that matter). If a device is assigned a private/public key-pair and the identifier for the device is a hash of the public-key, is the identifier private?

Is the identifier trackable even when its network location is not generally known, not advertised publicly, and possibly changing frequently?

Dino

> On Oct 11, 2017, at 12:34 PM, Christian Huitema <huitema@huitema.net> wrote:
> 
> On 10/11/2017 10:32 AM, Padma Pillay-Esnault wrote:
>> but you do not need a reference to a permanent identity for that -- systems similar to CGA would work just fine.
>>  
>> 
>> The identity of the device is just adding a lever of identifier which effectively allows authentication to modify the identifiers used by that device but also what the users of these identifiers can look up. If we had used "user of identifier" it would have been misconstrued for humans. So damn if you do and damn if you don't ... 
>> 
>> We are open for discussions anytime.
>> 
> 
> Some thing you should be hearing is that "long term identity of device" has almost the same privacy properties as "long term identity of the device's owner". You may think that identifying a random piece of hardware is no big deal, but it turns out that the network activity and network locations of that piece of hardware can be associated to those of its human owner. So you need the same kind of protection for these device identifiers as for human identifiers.
> -- 
> Christian Huitema
>