On Wed, Oct 4, 2017 at 2:41 PM, Jari Arkko <jari.arkko@xxxxxxxxx> wrote:
I was a bit surprised to see this come out of the IESG for
review, given that we had fairly serious discussions about the
problems of the proposed approaches at the BOF, but I see little
attention on those issues in the charter.
But, to state my opinion about working group being created with this
charter, I have comments from two directions.
First, from the point of view of “do we need this” or “do I need this”,
I’m a “meh”. If the HIP and LISP folk and everyone else were
screaming for this, and we had enough deployment that we saw the
issues that the charter proposes, then sure. Not sure that’s case.
Secondly, I’m have similar concerns to Christian, Lars, Stephen and others.
More specifically, at the BOF the goal seemed to be creation of infrastructures
to manage and track identities, and to bind them to entities that assigned
them. I am not at all sure that’s a desirable direction. And the charter
says little about the assumptions behind the work.
<Padma>
The goal was not to manage and track identities but have a means to protect an identifier from misuse and abuse. The "user of an identifier" (disclaimer - user is not a human and in this context aka identity) typically need to authenticate to be able to update the locator in a mapping system. This aspect was just formalized in the charter.
Looking at much of the discussions, it is important to make this clarification in the charter.
To expand a bit on these concerns, the proposed work doesn’t consider
at all the types of identifier operations that work on ephemeral identities
(e.g., HIP, MP-TCP). It would be sad if we created systems that
forced us to manage identifiers from some infrastructure when all
we needed to do in a particular case was “prove that you are the
same entity as in the other connection”, which can be done e2e and
requires no infrastructure, or permanent identifiers.
<Padma> Actually after the discussions in the bof, it was clear that the entities should be allowed to have multiple identifiers and identities. The charter points to life cycle of these and there is no assumption that they cannot be ephemeral. The management of identities here is just formalizing what mapping systems need - an authentication of the "device using the identifier" for the update and look up of the locators. Today we already have identifiers/loc in infrastructure for lookups this is no different.
The goal was rather to check if that entity X that is trying to locate entity Y is ok by entity . If not, not to honor the look up - kind of a "do not call" list.
The charter text also mentions “identifier changes” in what feels
like a special case for what I would think is rather the default.
<Padma> no it is default as identifiers are best to be ephemeral for privacy.
I find concept of firewalls checking identity troublesome.
<Padma> there is no concept of enforcing firewall in the charter. The policy per identifier or identity is based on whether a lookup should be honored or not. Whether local firewalls (as in enterprise domains) are used to prevent and block communication is no different than today's use.
Now, I’m not opposed to creating a working group in the IETF in this
area, and to support various infrastructure needs of say mobility or
multihoming or anycast protoocols, but if we do it, we need to do
it right. Dino’s suggestion of mapping systems without the manage/
create aspect might be one potential useful direction. Another
way to think about this space is to consider nodes to have autonomy
in how they manage and create their identities, when they reveal
or do not reveal identities. Then we could ask what
helpful tasks might an infrastructure provide on top of that, e.g.,
mapping services or forwarding agent type designs.
<Padma>
Agree that we want to do it the right. The notion autonomous nodes having their say on when to reveal their location is a goal for this infra. The "identities" in this context here are never revealed on the wire but only the pseudonyms or identifiers associated.
There has been a lot of discussions on the alias and drafts which unfortunately cannot be reflected in a charter.
One of the goals is to have better privacy and prevent easy tracking (as with long lived identities) against eavesdroppers or outsiders.
Padma
Jari
_______________________________________________
Ideas mailing list
Ideas@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ideas