Tony Li allegedly wrote on 07/18/2010 04:02 EDT:
>> Does anyone else think global/universal uniqueness of the identifier is the 
>> wrong objective?
> 
> I think that if that is the only acceptable identifier that privacy advocates 
> would have a major issue.

You need universally unique identifiers for anything that wants to
communicate with authentication.  That doesn't mean particular things
need to carry unique identifiers in particular protocols, as long as
whatever is in the relevant protocols can map to them.  Sticking an
identifier in a network protocol header is just one mechanism.

  - When I connect to a network I need to be authenticated but what
    actually has to happen?  If I hand the access network an opaque
    string and the name of my bank, the access network doesn't need to
    know "who" I am, it just needs to know that I can pay for access.
    In that case yes I need a unique identifier but it doesn't have to
    be something I show the access network.  The access network doesn't
    care -- it just needs to use _its_ mechanisms to monitor my usage
    or whatever it wants to bill me for.

  - When I connect to you, "Tony" or "Toni", I need to verify who I am,
    and maintain a mapping between that identity and my packets, but
    what needs to be in packets?  After initial authentication (in
    which my unique identifier can be payload, not necessarily in a
    packet header), perhaps the packets only need to point to a
    security association.

So ... yes you need unique identifiers -- many of them at many layers --
but AA functions do not need to have an identifier thrown at them again
and again, all they really need is for packets to have something that
uniquely maps to that unique identifier at a particular time in their
particular scope.
_______________________________________________
rrg mailing list
[email protected]
http://www.irtf.org/mailman/listinfo/rrg
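
The pattern described in the message above (the unique identifier sent once as payload during authentication, later packets carrying only something that maps to it in the receiver's scope for a limited time), sketched as an added example that is not part of the original post. The `Receiver` class, the 4-byte index, the HMAC-based proof and the sample identifier are assumptions made for illustration; replay protection and encryption are left out.

```python
import hashlib
import hmac
import secrets
import time

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def session_key(secret, nonce, index):
    # Both ends derive this locally; it is never sent.
    return mac(secret, b"session" + nonce + index)

class Receiver:
    def __init__(self, peers):
        self.peers = peers      # unique identifier -> long-term secret (constructed)
        self.sa_table = {}      # opaque index -> (identifier, key, expiry)

    def authenticate(self, identifier, nonce, proof, lifetime=300, now=None):
        """Initial exchange: the identifier is payload here, exactly once."""
        now = time.time() if now is None else now
        secret = self.peers.get(identifier)
        if secret is None:
            return None
        if not hmac.compare_digest(mac(secret, nonce + identifier.encode()), proof):
            return None
        index = secrets.token_bytes(4)          # random: says nothing about "who"
        while index in self.sa_table:           # unique only within this receiver's scope
            index = secrets.token_bytes(4)
        self.sa_table[index] = (identifier, session_key(secret, nonce, index), now + lifetime)
        return index

    def receive(self, packet, now=None):
        """Packet = index(4) || tag(32) || payload; no identifier anywhere in it."""
        now = time.time() if now is None else now
        index, tag, payload = packet[:4], packet[4:36], packet[36:]
        sa = self.sa_table.get(index)
        if sa is None:
            return None
        identifier, key, expiry = sa
        if now > expiry:                        # the mapping holds only for a limited time
            del self.sa_table[index]
            return None
        if not hmac.compare_digest(mac(key, index + payload), tag):
            return None
        return identifier, payload              # packet resolved back to the unique identifier

def make_packet(index, key, payload):
    return index + mac(key, index + payload) + payload
```
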