RE: [Ideas] WG Review: IDentity Enabled Networks (ideas)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thank you for voicing your concerns 
"on the basis that it enables and seemingly encourages embedding  identifiers for humans as addresses"

This is not the objective or in the charter of this wg as you point out this would be against the policy.
Perhaps this can be made clearer in the charter - this is about machines and processes.

"If the work precluded the use of any identifiers that strongly map  to humans then I'd be ok with it being done as it'd then only be a waste of resources."

Well it really depends in which context this work is being used.
Looking at some of the postings, it seems that adding more context on the problem space would help to bring more clarity on the charter.

Padma 

> > -----Original Message-----
> > From: Ideas [mailto:ideas-bounces@xxxxxxxx] On Behalf Of Eggert, 
> > Lars
> > Sent: Wednesday, October 04, 2017 12:13 PM
> > To: Stephen Farrell <stephen.farrell@xxxxxxxxx>
> > Cc: ideas@xxxxxxxx; ietf@xxxxxxxx
> > Subject: Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)
> >
> > On 2017-9-29, at 11:31, Stephen Farrell <stephen.farrell@xxxxxxxxx> wrote:
> > > As currently described, I oppose creation of this working group
> >
> > +1, for the reasons below
> >
> > Lars
> >
> > > on the basis that it enables and seemingly encourages embedding 
> > > identifiers for humans as addresses. Doing so would have 
> > > significant privacy downsides, would enable new methods for 
> > > censorship and discrimination, and could be very hard to mitigate 
> > > should one wish to help protect people's privacy, as I think is current IETF policy.
> > >
> > > If the work precluded the use of any identifiers that strongly map 
> > > to humans then I'd be ok with it being done as it'd then only be a 
> > > waste of resources. But I don't know how that could be enforced so 
> > > I think it'd be better to just not do this work at all.

-----Original Message-----
From: Ideas [mailto:ideas-bounces@xxxxxxxx] On Behalf Of Tom Herbert
Sent: Wednesday, October 04, 2017 10:07 AM
To: Stephen Farrell <stephen.farrell@xxxxxxxxx>
Cc: ideas@xxxxxxxx; Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx>; IETF-Discussion <ietf@xxxxxxxx>
Subject: Re: [Ideas] WG Review: IDentity Enabled Networks (ideas)

On Wed, Oct 4, 2017 at 9:34 AM,  <stephen.farrell@xxxxxxxxx> wrote:
>
>
> On Wednesday, 4 October 2017, Tom Herbert wrote:
>> On Wed, Oct 4, 2017 at 7:57 AM, Phillip Hallam-Baker 
>> <phill@xxxxxxxxxxxxxxx> wrote:
>> > On Fri, Sep 29, 2017 at 2:31 PM, Stephen Farrell 
>> > <stephen.farrell@xxxxxxxxx>
>> > wrote:
>> >>
>> >>
>> >> As currently described, I oppose creation of this working group on 
>> >> the basis that it enables and seemingly encourages embedding 
>> >> identifiers for humans as addresses. Doing so would have 
>> >> significant privacy downsides, would enable new methods for 
>> >> censorship and discrimination, and could be very hard to mitigate 
>> >> should one wish to help protect people's privacy, as I think is 
>> >> current IETF policy.
>> >>
>> >> If the work precluded the use of any identifiers that strongly map 
>> >> to humans then I'd be ok with it being done as it'd then only be a 
>> >> waste of resources. But I don't know how that could be enforced so 
>> >> I think it'd be better to just not do this work at all.
>> >>
>> >> S.
>> >
>> >
>> > +1
>> >
>> > I know how to restrict the work to 'meaningless' identifiers, 
>> > require that the identifiers be the output of a cryptographic algorithm.
>> >
>> > Now strictly speaking, this only limits scope to identifiers that 
>> > are indexical as opposed to rendering them meaningless but I think 
>> > that was the sense of it.
>> >
>> >
>> > Nöth proposed a trichotemy of identifiers as follows
>> >
>> > * Identity, the signifier is the signified (e.g. data: URI)
>> >
>> > * Indexical, the signifier is related to the signified by a 
>> > systematic relationship, (e.g. ni URIs, SHA256Data), PGP 
>> > fingerprints etc.)
>> >
>> > * Names,  the signifier is the related to the signified by a purely 
>> > conventional relationship, (e.g. example.com to its owner)
>> >
>> >
>> > There is a big difference between attempting to manage indexical 
>> > signifiers and names. Especially when the people trying to do so 
>> > refuse to read any of the literature on semiotics.
>> >
>> > Names are problematic because the only way that a conventional 
>> > relationship can be implemented is through some sort of 
>> > registration infrastructure and we already have one of those and 
>> > the industry that manages it has a marketcap in the tens of billions.
>> >
>> > Identifiers do lead to tractable solutions. But, this proposal 
>> > looks a bit unfocused for IRTF consideration, an IETF WG? Really?
>> >
>> Identifiers are equivalent to addresses in that they indicate a node 
>> in the network for the purposes of end to end communications. The 
>> only difference between identifiers and addresses is that identifiers 
>> are not topological. Virtual addresses in network virtualization are 
>> also identifiers. So the security properties are the same when 
>> considering privacy. For instance, if applications use temporary 
>> addresses for privacy, it would have equivalent properties using 
>> temporary identifiers. In fact from the application POV this would be 
>> transparent. It could get a pool of apparently random addresses to 
>> choose from as source of communication, it shouldn't know or even 
>> care if the addresses are identifiers.
>>
>> Identity is a completely separate concept from identifiers. Is not 
>> required in any of the identifier/locator protocols and AFAIK none of 
>> them even mention the term. There is no association of an identity of 
>> user behind and identifier any more than there is an association of 
>> identity behind IP address. The fact that the words "identifier" and 
>> "identity" share a common prefix is an unfortunate happenstance :-).
>
>
> Yes. But doesn't that mean either the name of this effort is wildly misleading or else the effort is hugely problematic from a privacy POV? Either way, istm this ought not proceed.
>
Stephen,

There are two distinct efforts represented in IDEAS. One is a developing a common identifier/locator mapping system and the other is identity management. IMO the first is much more tangible and it's clear this is needed given the emergence of id/loc use in data center, mobile networks, as well as network virtualization. The identity effort is less clear in terms of feasibility, privacy, and benefits-- there might be something there, but honestly it looks much more like a research project to me at this point.

Tom

_______________________________________________
Ideas mailing list
Ideas@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ideas




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]