Re: [lisp] [Ideas] WG Review: IDentity Enabled Networks (ideas)

Christian Huitema <huitema@huitema.net> Wed, 11 October 2017 16:16 UTC

To: Robert Moskowitz <rgm-ietf@htt-consult.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>, Dino Farinacci <farinacci@gmail.com>
Cc: "ideas@ietf.org" <ideas@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "lisp@ietf.org list" <lisp@ietf.org>
References: <150670160872.14128.2758037992338326085.idtracker@ietfa.amsl.com> <778d5504-ba4f-d418-7b20-356353bb0fb2@cs.tcd.ie> <CAMm+Lwg61PGrcmu=-e8ciD6Q+XmEaWWDys4g2M657VOjWmaGcg@mail.gmail.com> <CALx6S370-TuoUicWep5vV2NjLPS4d-HP1qVxW_nGrxhBLw6Eug@mail.gmail.com> <8kd5pq.oxb4pv.rtlo8t-qmf@mercury.scss.tcd.ie> <644DA50AFA8C314EA9BDDAC83BD38A2E0EAA7204@sjceml521-mbx.china.huawei.com> <dd2c3bd5-dd37-109b-2e81-0327db4daa09@cs.tcd.ie> <0BA14206-DC82-49EF-A625-B2425FA396F6@gmail.com> <1f254140-1340-6c7d-9c73-e7137562c685@gmail.com> <fa644cc2-161f-8884-3445-2b50d2c2ad23@htt-consult.com>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <cf2ca920-f2d2-b65e-05eb-ebe3c30b76d1@huitema.net>
Date: Wed, 11 Oct 2017 09:15:56 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/9WroJc1faxzKV65ImBeKaoixSnE>
Subject: Re: [lisp] [Ideas] WG Review: IDentity Enabled Networks (ideas)

On 10/11/2017 7:56 AM, Robert Moskowitz wrote:

>> and 'identity' is a red flag.
>
> Whoa there!  You were part of the Namespace Research Group?  I think? 
> I was and we worked a lot on this and came to the conclusion that
> there could be no conclusion.  Not even a rough consensus, it seemed.
>
> I have been using 'identity' to apply to things for 20 years. Pretty
> much ever since I started working with things.  Anyone that holds the
> position that 'identity' means we are talking only about people are
> allowing their thinking to be clouded. 

I am concerned that the current proponents of the IDEAS work are mainly
resisting the feedback, treating it as some roadblock put in the path of
their work by misguided privacy purists, and attempting to remove the
roadblocks by adding some weasel words to the charter. I would feel much
more confident if these proponents acknowledged the tension between
privacy and stable identifiers of any sort, if that tension was clearly
noted in the charter, and if privacy goals were clearly stated.

Specifically, I think there is a contradiction between some of the
documents. For example, draft-padma-ideas-problem-statement-01 states that:

   o  A single entity may have multiple IDs, and IDs of the same entity
      may have different life spans that are different from the lifespan
      of the entity.  Furthermore, it is understood that IDs may have
      different lifecycles, which may be permanent or ephemeral by
      choice or design.

   o  Ephemeral (temporary) IDs may be used as a short-lived pseudonym
      for a permanent ID to protect the privacy of the related entity.

But then, draft-ccm-ideas-identity-use-cases-01 states that:

   a.  Unique and Permanent Identity representing the entity enables
       authentication (AUTH) with the mapping and Identity services
       infrastructure.  While it is possible to do AUTH on Identifiers
       those are not permanently associated to the entity.  Moreover,
       AUTH operation is a relatively an expensive and inefficient
       procedure (compared to LOC resolution for example) and can cause
       excessive startup delays for lot of applications.

The tension is obvious. On one hand, the ephemeral identifiers envisaged
in the problem statement would pretty much align the privacy properties
of the ID to those of IPv6 privacy addresses, and that's good. On the
other hand, the requirement to perform authentication on identities
completely negates that property.

I would be fine if the support for "Unique and Permanent Identity" were
explicitly excluded from the charter. There is obviously a need to
support some form of access control to a mapping database, but you do
not need a reference to a permanent identity for that -- systems similar
to CGA would work just fine.

-- 
Christian Huitema
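
Added example, not part of the message above: a sketch of the CGA-style access control the message points to, where a mapping database accepts a registration for an identifier only from the holder of the public key that identifier commits to, and no permanent identity is involved. RFC 3972 CGA hashes an RSA public key and a modifier into an IPv6 interface identifier and proves ownership with an RSA signature; to stay within the Python standard library this example substitutes a Lamport one-time signature (an assumption made here, not something the message or the drafts propose), so each key signs exactly one registration. The `MappingDB` class, the modifier handling and the locator strings are constructed for illustration.

```python
"""
Self-certifying ephemeral identifier (CGA-like), as an added example.

ID = truncated SHA-256(modifier || public key).  Ownership is proved by a
signature verifiable under that public key, so the mapping database can do
access control without any permanent identity.  Rotating to a fresh key
yields a fresh ID that is unlinkable to the old one.  ASSUMPTION: a Lamport
one-time signature stands in for the RSA signature of RFC 3972 CGA, so a
key must sign only one registration.
"""
import hashlib
import secrets
from dataclasses import dataclass

ID_BYTES = 8  # 64-bit identifier, the size of an IPv6 interface identifier


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class Keypair:
    secret: list   # 256 pairs of 32-byte one-time secrets
    public: bytes  # 256 pairs of hashes, 64 bytes per pair


def keygen() -> Keypair:
    secret = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = b"".join(h(s0) + h(s1) for s0, s1 in secret)
    return Keypair(secret, public)


def derive_id(public: bytes, modifier: bytes) -> bytes:
    """CGA-style binding: the identifier is a hash of (modifier || public key)."""
    return h(modifier + public)[:ID_BYTES]


def _bit(digest: bytes, i: int) -> int:
    return (digest[i // 8] >> (7 - i % 8)) & 1


def sign(kp: Keypair, message: bytes) -> bytes:
    """Lamport: reveal one secret per bit of SHA-256(message)."""
    digest = h(message)
    return b"".join(kp.secret[i][_bit(digest, i)] for i in range(256))


def verify(public: bytes, message: bytes, signature: bytes) -> bool:
    if len(signature) != 256 * 32 or len(public) != 256 * 64:
        return False
    digest = h(message)
    for i in range(256):
        bit = _bit(digest, i)
        expected = public[i * 64 + bit * 32: i * 64 + bit * 32 + 32]
        if h(signature[i * 32:(i + 1) * 32]) != expected:
            return False
    return True


class MappingDB:
    """Constructed mapping database: a registration for an ID is accepted only if
    the ID commits to the presented key and the registration is signed by it."""

    def __init__(self):
        self.entries = {}

    def register(self, ident: bytes, public: bytes, modifier: bytes,
                 locator: bytes, signature: bytes) -> bool:
        if derive_id(public, modifier) != ident:
            return False  # the ID does not commit to this public key
        if not verify(public, ident + locator, signature):
            return False  # signature does not prove ownership of the key
        self.entries[ident] = locator
        return True


def demo() -> tuple:
    """Returns (honest registration ok, hijack with other key rejected,
    forged signature rejected, rotated registration ok, IDs differ)."""
    db = MappingDB()
    loc = b"2001:db8::1"  # constructed locator

    # Node registers under an ephemeral ID bound to key A.
    kp_a, mod_a = keygen(), secrets.token_bytes(16)
    id_a = derive_id(kp_a.public, mod_a)
    ok_a = db.register(id_a, kp_a.public, mod_a, loc, sign(kp_a, id_a + loc))

    # Attacker X tries to take over id_a with its own key: hash check fails.
    kp_x, bad = keygen(), b"2001:db8::bad"
    hijack = db.register(id_a, kp_x.public, mod_a, bad, sign(kp_x, id_a + bad))

    # Attacker X presents A's public key but cannot sign for it.
    forged = db.register(id_a, kp_a.public, mod_a, bad, sign(kp_x, id_a + bad))

    # Rotation: fresh key, fresh ID, no link to id_a or to any permanent identity.
    kp_b, mod_b = keygen(), secrets.token_bytes(16)
    id_b = derive_id(kp_b.public, mod_b)
    ok_b = db.register(id_b, kp_b.public, mod_b, loc, sign(kp_b, id_b + loc))

    return ok_a, not hijack, not forged, ok_b, id_a != id_b
```

The point the example makes is the one in the message: the database authenticates possession of a key the identifier already commits to, not an entity, so access control and ephemeral, rotating identifiers are compatible. The residual leakage is in the modifier and key reuse across registrations; a node that keeps the same key while changing only the modifier is still linkable by anyone who sees the public key.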