On 10/11/2017 7:56 AM, Robert Moskowitz wrote: and 'identity' is a red flag.

I am concerned that the current proponents of the IDEAS work are mainly resisting the feedback, treating it as some roadblock put in the path of their work by misguided privacy purists, and attempting to remove the roadblocks by adding some weasel words to the charter. I would feel much more confident if these proponents acknowledged the tension between privacy and stable identifiers of any sort, if that tension was clearly noted in the charter, and if privacy goals were clearly stated.

Specifically, I think there is a contradiction between some of the documents. For example, draft-padma-ideas-problem-statement-01 states that:

   o  A single entity may have multiple IDs, and IDs of the same entity may have different life spans that are different from the lifespan of the entity. Furthermore, it is understood that IDs may have different lifecycles, which may be permanent or ephemeral by choice or design.

   o  Ephemeral (temporary) IDs may be used as a short-lived pseudonym for a permanent ID to protect the privacy of the related entity.

But then, draft-ccm-ideas-identity-use-cases-01 states that:

   a.  Unique and Permanent Identity representing the entity enables authentication (AUTH) with the mapping and Identity services infrastructure. While it is possible to do AUTH on Identifiers those are not permanently associated to the entity. Moreover, AUTH operation is a relatively an expensive and inefficient procedure (compared to LOC resolution for example) and can cause excessive startup delays for lot of applications.

The tension is obvious. On one hand, the ephemeral identifiers envisaged in the problem statement would pretty much align the privacy properties of the ID to those of IPv6 privacy addresses, and that's good. On the other hand, the requirement to perform authentication on identities completely negates that property.

I would be fine if the support for "Unique and Permanent Identity" was explicitly excluded from the charter. There is obviously a need to support some form of access control to a mapping database, but you do not need a reference to a permanent identity for that -- systems similar to CGA would work just fine.

-- Christian Huitema