
Properties for identifiers (was Re: Security requirements for identification)



[Dropping HIP ML since this does not concern HIP any more,
 and fixing the subject.]

Tony Li wrote:
Ok, let me see if I can give a taxonomy of possible
identifier properties:

1. Syntax
2. Global Semantics
3. Local Semantics
4. Generation

In my humble opinion, we should most probably first have some kind of idea of the semantics, before starting to consider syntax or generation. On the other hand, all four issues are intertwined, and therefore considering pure semantics before syntax or generation may be pretty hard.

When it comes to semantics, I don't see much value in any
*long* *term* solution where the identifiers have *considerably*
different local and global semantics.  (The only difference I
possibly see is that an ID may be globally anonymous or
pseudonymous while locally well known and linkable to the
real world.)  Personally, I don't much want to consider short
term solutions, since I am lacking both interest and expertise
in that area.

From my long term point of view, I also don't believe in
identifiers that have any kind of topological semantics.
From my point of view, one of the most important aspects of the
id/loc split is to leave topology to the locators, and free
identifiers from the burden of topology.

I do admit that topologically linked identifiers may make sense
if we consider just multi-homing and not mobility or the other
potential goals of id/loc split.  Hence, it may make sense to
have such identifiers as a part of a short term solution.

Finally, there were two dimensions that you did not mention in the
property list at all:

  1. Security, or the level of assurance of identification that
     one can gain through using the identifier.  Note that we
     get a fair level of assurance from the routing system today.

  2. Privacy, or the easiness/hardness of linking an identifier
     to a real world entity (node or user).  Note that we do
     have some level of privacy today, due to NAT, dynamic address
     allocation in dial up servers, etc.

There are certainly others, but these two came to my mind.

--Pekka Nikander