Re: [Stackevo] draft-thomson-use-it-or-lose-it

Eliot Lear <lear@cisco.com> Tue, 07 August 2018 06:18 UTC

Return-Path: <lear@cisco.com>
X-Original-To: stackevo@ietfa.amsl.com
Delivered-To: stackevo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A73C9130E84 for <stackevo@ietfa.amsl.com>; Mon, 6 Aug 2018 23:18:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l9ew8GnT5JYu for <stackevo@ietfa.amsl.com>; Mon, 6 Aug 2018 23:18:31 -0700 (PDT)
Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 419B4130E83 for <stackevo@iab.org>; Mon, 6 Aug 2018 23:18:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4234; q=dns/txt; s=iport; t=1533622711; x=1534832311; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to; bh=sNPTZesr4AMxY/rMkTcbJZ66jnlLyOsNUqWvO2+M46o=; b=k4HpxwuoshbP37j97l6/9WNSq8120SPghbSkAzspbAN4nhiRQSKQhDv7 uzMBvlcuBG1A0uc5/D0MEviL0oSGRoDI3a/YAR6a7gMBZ0vkX+e4SpBkr aEKB8ah9fzmJ7Org9ag7OaxVsDAuoebr1k032Dt4yx87hgEKLpFBpUDZQ 0=;
X-Files: signature.asc : 488
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BiAwCbOGlb/xbLJq1cGgEBAQEBAgEBAQEIAQEBAYMgghAog36IaI1JLXeWbQgDhGwCg0s4FAECAQECAQECbSiFOAEFI1YQCxgqAgJXBg0GAgEBgxwBgX+sEYEuikkPiSCCAIESJ4I2NYd/glUCh1uSWgmDaoFZiXwGiDyFZJJfgVghgVIzGggbFYMkkFIDPTCPcwEB
X-IronPort-AV: E=Sophos; i="5.51,454,1526342400"; d="asc'?scan'208"; a="5675981"
Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Aug 2018 06:18:27 +0000
Received: from [10.61.241.247] ([10.61.241.247]) by aer-core-4.cisco.com (8.15.2/8.15.2) with ESMTP id w776IPYS006900; Tue, 7 Aug 2018 06:18:26 GMT
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>, Stackevo <stackevo@iab.org>
References: <991AD90C-A84A-4302-BB25-C5FAB33C8E80@trammell.ch> <3C07107C-D373-4E4B-ABBA-B025AC3A7B2A@tik.ee.ethz.ch> <CABkgnnXyNAHHTCx_pWtuNdQmFkSjt2b+ytGr7G636-_VtG6mTA@mail.gmail.com> <4FD6FAB0-8C32-4FB8-8836-3538A6B463BF@tik.ee.ethz.ch> <CABkgnnVFZwvztZc9Qy=oJ0+pvchSoiVShKd1AhEJVD5G9UU_XA@mail.gmail.com> <2c74043e-ee37-694e-b850-ee52c9336453@cisco.com> <CABkgnnXHUEqVckcaHKSPEakdHSawUXW7XSSZ1Ah_9ReheH+Tcw@mail.gmail.com>
From: Eliot Lear <lear@cisco.com>
Openpgp: preference=signencrypt
Autocrypt: addr=lear@cisco.com; prefer-encrypt=mutual; keydata= xsBNBFMe1UQBCADdYOS5APDpIpF2ohAxB+nxg1GpAYr8iKwGIb86Wp9NkK5+QwbW9H035clT lpVLciExtN8E3MCTPOIm7aITPlruixAVwlBY3g7U9eRppSw9O2H/7bie2GOnYxqmsw4v1yNZ 9NcMLlD8raY0UcQ5r698c8JD4xUTLqybZXaK2sPeJkxzT+IwupRSQ+vXEvFFGhERQ88zo5Ca Sa1Gw/Rv54oH0Dq2XYkO41rhxQ60BKZLZuQK1d9+1y3I+An3AJeD3AA31fJZD3H8YRKOBgqe ILPILbw1mM7gCtCjfvFCt6AFCwEsjITGx55ceoQ+t5B5XGYJEppMWsIFrwZsfbL+gP31ABEB AAHNJUVsaW90IExlYXIgPGxlYXJAb2Zjb3Vyc2VpbXJpZ2h0LmNvbT7CwJEEEwECADsCGwMC HgECF4ACGQEWIQSY0L2QRh2wkqeyYR2HtmtG2dJ6MwUCWxJwMwULCQgHAgYVCAkKCwIEFgID AQAKCRCHtmtG2dJ6MyMyCACXvtFjAYGMtOkD9MD4nI3ifFpkrj8xTMbXjrv5hdqmzRmQ0wqA 1U/OlZux+P/NaVMiZNZc8zw0nsx/INAqDOVd4/tLWF+ywTkeRFR0VnaUxLwCReZAZOaRS+md +52u/6ddoFja2RnjZ43qbbuvVUARQVIyMJz+GbR6mEZQHR0psD7dDYZDyrpivCxm8zHQwmB6 AZUlO7OJgljDvVPVDCabg/ZnJw1qS0OzSiNb0MySk1D5A7FdwDgeKxuMYUOOoVVTTMWNWcME UkRX9LxElswEt0PQWiz/j3FYXTxiFfl/1vKcHx4pM+E5C5mhTbrdFUFLJC3Y5fLID7stK/Ch aEaBzsBNBFMe1UQBCAC0WV7Ydbv95xYGPhthTdChBIpPtl7JPCV/c6/3iEmvjpfGuFNaK4Ma cj9le20EA5A1BH7PgLGoHOiPM65NysRpZ96RRVX3TNfLmhGMFr5hPOGNdq+xcGHVutmwPV9U 7bKeUNRiPFx3YdEkExddqV2E8FltT0x2FSKe2xszPPHB6gVtMckX5buI9p1K3fbVhXdvEkcY Y/jB0JEJGyhS5aEbct5cHUvDAkT81/YFK5Jfg8RRwu1q1t1YuIJSOWAZQ9J9oUsg6D9RpClU +tIFBoe3iTp1AUfJcypucGKgLYKtpu/aygcpQONHYkYW5003mPsrajFhReVF5veycMbHs4u5 ABEBAAHCwF8EGAECAAkFAlMe1UQCGwwACgkQh7ZrRtnSejOSuQgA27p2rYB7Kh20dym6V8c6 2pWpBHHTgxr/32zevxHSiXl6xvUCg5T8WUwfUk8OvgDcBErK/blDAMXQzSg3sp450JhR8RnX HXF5Zz2T04X7HnlIVJGwf2CjnwyEAJCqMzaCmI+g3Imvg/8L4nyBFvhlFHDv+kIvMiujyycj PAu7xxKplBs1/IEwmDoAMjneFmawvfeQnwdMhSKK8PjKSuzGU5uUmxj3GBfRqvTM0qpmhMPF OmDhJSmH55HLAky2MlmqJYXJPt/9EfSEhFiua1M6gLiuNEuPkp+8jcnHQqKr0IeHt8UqcwLt 2mGfIyl0FVdF9hvWPjNRzGbgqoT1Di03RQ==
Message-ID: <7e79337f-ab27-91b7-44c1-a836ef6dad43@cisco.com>
Date: Tue, 07 Aug 2018 08:18:27 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <CABkgnnXHUEqVckcaHKSPEakdHSawUXW7XSSZ1Ah_9ReheH+Tcw@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="wq4zNAbupQTlyD08tXmQ3tHBuiXhwVbeo"
X-Outbound-SMTP-Client: 10.61.241.247, [10.61.241.247]
X-Outbound-Node: aer-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/stackevo/RWxvXHqh2rR6-cDlc8wE5UujurI>
Subject: Re: [Stackevo] draft-thomson-use-it-or-lose-it
X-BeenThere: stackevo@iab.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IP Stack Evolution Program Mailing List <stackevo.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/stackevo>, <mailto:stackevo-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stackevo/>
List-Post: <mailto:stackevo@iab.org>
List-Help: <mailto:stackevo-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/stackevo>, <mailto:stackevo-request@iab.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Aug 2018 06:18:34 -0000

Hi Martin,

I'm just delving into Radius and EAP, but what I like is how opacity was
used early on for privacy purposes.   So for instance, perhaps the
largest federated network in the world is Eduroam, and it is built on
Radius and EAP.  Proper layering has made it possible for there to be
inner and outer identities that allow for IdPs to manage their user
bases independently and to keep some amount of privacy.  Klaas Wierenga
at GEANT was the principal designer.

We are trying to expand out AAA for IoT use cases, and in that context. 
Some of that work was done with EAP-TEAP, but a little bit more is
needed.  A key insight there is that it is sort of in between routing
and application, in that it is multi-party, but not to the insane extent
of a routing system.

At the Internet layer, of course, we have a big fat wasteland called
240/4, which is just sad.  Vince Fuller, Dave Meyer, and I wanted to
free up that space, but there were serious concerns that using it would
cause harm to systems not expecting it to be used, or simply would be
ineffective.  That was a while ago.

Eliot


On 07.08.18 02:24, Martin Thomson wrote:
> On Mon, Aug 6, 2018 at 11:22 PM Eliot Lear <lear@cisco.com> wrote:
>> In short, my suggestion is to first decide on what applicability you
>> want to have, and if broad, then let's explore some other cases.
> Brian made a similar comment.  I would really like to hear more about
> broader experience with this.  It seems like TLS is uniquely crappy
> when it comes to these issues (investigating why would be another
> valuable research subject...), but I can't believe for a moment that
> the implementation ecosystem of other protocols is pristine and
> blemish-free.
>
> If your experience with the AAA protocols reveals anything, I'd be
> very interested.  My understanding of RADIUS, having used it many
> years ago, was that it was a great example of the active use thing I
> advocate for.  That is, the mechanism you use to extend the protocol
> is so fundamental to the protocol that you cannot avoid correctness in
> extension handling.  Even having a stronger reaffirmation of that
> would be helpful.
>