Re: [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)

Yingzhen Qu <yingzhen.qu@huawei.com> Thu, 14 September 2017 16:50 UTC

From: Yingzhen Qu <yingzhen.qu@huawei.com>
To: Uma Chunduri <uma.chunduri@huawei.com>, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
CC: Tom Herbert <tom@herbertland.com>, "ideas@ietf.org" <ideas@ietf.org>, "ideas-chairs@ietf.org" <ideas-chairs@ietf.org>, The IESG <iesg@ietf.org>, Alvaro Retana <aretana@cisco.com>
Thread-Topic: [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)
Thread-Index: AQHTKO4Tj339+NdFTEScRhyLfTFAPaKzw0iAgAAFzYCAAGo1gIAA0w4A//+ZXvA=
Date: Thu, 14 Sep 2017 16:49:47 +0000
Message-ID: <594D005A3CB0724DB547CF3E9A9E810BF0FEE5@sjceml521-mbx.china.huawei.com>
References: <150490809267.17244.96544246533076816.idtracker@ietfa.amsl.com> <CALx6S37_T_+6P0dhciYO7J_xTt_b_s0KYy+wdC=HngOQo8kh1g@mail.gmail.com> <25B4902B1192E84696414485F572685401A5ECBC@SJCEML701-CHM.china.huawei.com> <CAKKJt-f2X674u_PtUsyjAbNAFrePaK84pcNQewdApe6a+uK=yA@mail.gmail.com> <25B4902B1192E84696414485F572685401A5F08D@SJCEML701-CHM.china.huawei.com>
In-Reply-To: <25B4902B1192E84696414485F572685401A5F08D@SJCEML701-CHM.china.huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/zOWAY6ydUlx1FQ3VasHdcqV_v3w>
Subject: Re: [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>

Hi,

I agree with Uma’s comments that one framework should cover both idy/idf mapping and idf/locator mapping, although different aspects/focuses will be considered.

Thanks,
Yingzhen

From: Ideas [mailto:ideas-bounces@ietf.org] On Behalf Of Uma Chunduri
Sent: Thursday, September 14, 2017 8:52 AM
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Cc: Tom Herbert <tom@herbertland.com>; ideas@ietf.org; ideas-chairs@ietf.org; The IESG <iesg@ietf.org>; Alvaro Retana <aretana@cisco.com>
Subject: Re: [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)

Hi Spencer,

Quick response in-line, marked [Uma]:

Thx!
--
Uma C.

From: Ideas [mailto:ideas-bounces@ietf.org] On Behalf Of Spencer Dawkins at IETF
Sent: Wednesday, September 13, 2017 8:17 PM
To: Uma Chunduri <uma.chunduri@huawei.com<mailto:uma.chunduri@huawei.com>>
Cc: Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>; ideas@ietf.org<mailto:ideas@ietf.org>; ideas-chairs@ietf.org<mailto:ideas-chairs@ietf.org>; The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>; Alvaro Retana <aretana@cisco.com<mailto:aretana@cisco.com>>
Subject: Re: [Ideas] Spencer Dawkins' Yes on charter-ietf-ideas-00-00: (with COMMENT)

So, responding to Uma's response to Tom's response to my response to the proposed charter (whew!),

On Wed, Sep 13, 2017 at 3:56 PM, Uma Chunduri <uma.chunduri@huawei.com<mailto:uma.chunduri@huawei.com>> wrote:
        > Is a look at general security implications, in a form that specific
        > framework usages can point to, on the table for IDEAS?
        Spencer,

        I believe there are two discrete components being championed in IDEAS:
        One is a mapping system of identifiers to locators, and the other is the introduction of identity mapping. The former looks much more like a routing or name resolution protocol, and the latter would be doing identity management and possibly collecting PII. There are obviously many security implications to both parts; however, I think the threats and sensitivity between these are quite different, i.e. hacking into the ID/loc mapping database could result in misdirecting packets, while hacking into the identity store may result in loss of users' privacy.

Tom's response to me makes sense.

[Uma]: Tom, you summarized well. I would note there is an interconnected aspect to these 2 items w.r.t. security. Identity AUTH can inherently bring security (and if needed privacy) to Identifier/Location mapping and strengthen that area tremendously.
However, Identity privacy itself has to be tackled, and there are existing well-defined mechanisms for that, as discussed earlier on the IDEAS list (the pointer from Diego is a great example).
When we described identity and its uses here https://tools.ietf.org/html/draft-ccm-ideas-identity-use-cases-01#section-7 , we noted the threat analysis aspect in Section 7, and that was reflected in the charter too.

Uma's response to Tom makes sense.

        These seem fundamentally different so security considerations should probably be considered independently of each other.

[Uma]: Different but interdependent on some aspects as mentioned above.

So, what I'm not understanding is that there are two work items, and only one framework deliverable. Is the intention that the identifier/locator mapping system and the identity mapping system are different enough to have different security considerations, but are so tightly interwoven that neither is usable without the other, or with any other mapping system separately, so it makes sense to lump them into one framework?

[Uma]: AFAICT, one cohesive framework to cover these 2 aspects is a good option. Obviously, solutions are vastly different on how to do Identity privacy and a federated Identifier/location mapping system with Identity services, and those can be taken up in different documents later.


Again, either answer is OK, but if I'm going to ask, now would be the time :-)

[Uma]: Me too, and I would be happy to listen to other opinions. Thanks for the thoughtful comments and follow-up.


Spencer

        Tom

        > (It doesn't have to be, for me to ballot Yes, but I did have to ask,
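The thread above distinguishes two components with different threat profiles (a compromised ID/locator mapping misdirects packets; a compromised identity store leaks PII) and notes that identity authentication can protect the mapping system. The following is an added illustration of that separation, written for this archive page; it is not IDEAS working-group code and does not reflect any IDEAS framework design. It assumes a hypothetical per-identifier HMAC key issued by the identity store as a stand-in for whatever identity authentication a real framework would use, and constructs all identifiers, locators and PII inline.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


class IdentityStore:
    """Holds the sensitive side: identity -> PII, plus a per-identifier key.

    The only interface exposed to the mapping system is key_for(identifier),
    so a compromise of the mapping system alone yields no PII. (Hypothetical
    design for illustration; not an IDEAS specification.)
    """

    def __init__(self):
        self._identities = {}   # identity name -> {"pii": ..., "identifiers": set()}
        self._keys = {}         # identifier -> secret key bytes

    def register(self, identity, pii, identifier):
        """Bind an identifier to an identity and issue its update-signing key."""
        key = secrets.token_bytes(32)
        entry = self._identities.setdefault(identity, {"pii": pii, "identifiers": set()})
        entry["identifiers"].add(identifier)
        self._keys[identifier] = key
        return key  # handed to the registrant, never to the mapping system

    def key_for(self, identifier):
        return self._keys.get(identifier)


@dataclass(frozen=True)
class MappingUpdate:
    identifier: str
    locator: str
    seq: int       # monotonically increasing per identifier, to reject replays
    tag: bytes     # HMAC-SHA256 over identifier|locator|seq


def _update_message(identifier, locator, seq):
    return f"{identifier}|{locator}|{seq}".encode()


def sign_update(key, identifier, locator, seq):
    """Produce an authenticated mapping update using the registrant's key."""
    tag = hmac.new(key, _update_message(identifier, locator, seq), hashlib.sha256).digest()
    return MappingUpdate(identifier, locator, seq, tag)


class MappingSystem:
    """Identifier -> locator table that accepts only authenticated, fresh updates."""

    def __init__(self, key_lookup):
        self._key_lookup = key_lookup   # callable: identifier -> key or None
        self._table = {}                # identifier -> (locator, seq)

    def apply(self, upd):
        key = self._key_lookup(upd.identifier)
        if key is None:
            return "rejected: unknown identifier"
        expected = hmac.new(key, _update_message(upd.identifier, upd.locator, upd.seq),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, upd.tag):
            return "rejected: bad authentication tag"
        current = self._table.get(upd.identifier)
        if current is not None and upd.seq <= current[1]:
            return "rejected: stale or replayed sequence number"
        self._table[upd.identifier] = (upd.locator, upd.seq)
        return "accepted"

    def resolve(self, identifier):
        entry = self._table.get(identifier)
        return entry[0] if entry else None


def demo():
    """Constructed scenario: one legitimate update, one forged, one replayed."""
    ids = IdentityStore()
    maps = MappingSystem(ids.key_for)
    key = ids.register("alice", {"email": "alice@example.invalid"}, "id-0001")
    legit = maps.apply(sign_update(key, "id-0001", "loc-A", 1))
    # An attacker without the registrant's key cannot redirect id-0001's traffic.
    forged = maps.apply(sign_update(secrets.token_bytes(32), "id-0001", "loc-EVIL", 2))
    # Re-sending an older (or equal) sequence number is refused, even with a valid tag.
    replayed = maps.apply(sign_update(key, "id-0001", "loc-B", 1))
    return legit, forged, replayed, maps.resolve("id-0001")


if __name__ == "__main__":
    print(demo())
```

The mapping system never sees the PII dictionary; it only calls `key_for`, which is the design point Tom's distinction suggests: the two stores can be compromised independently, and authenticating mapping updates with an identity-issued key is what closes the "misdirect packets" threat without moving PII into the routing-like component.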