Re: [Int-area] Continuing the addressing discussion: what is an address anyway?

[Eliot Lear]

Hi Dirk,

On 25.01.22 08:19, Dirk Trossen wrote:


Hence, I would suggest that any answers to the question above ought to 
be guided by what we (as users) want from the network, e.g., in terms 
of reachability, privacy, security, exposure of desired capabilities 
and possibly more.


The orthodoxy here is the seminal work of Shoch[1]. And of course 
there's Saltzer et al.[2]  The assumptions being made today by different 
players are indeed all over the map.  Routing is a function of the 
network.  Or is it?  Privacy is something the endpoint must manage.  Or 
is it?  So I like your approach for discussion.


Eliot

[1] http://www.postel.org/ien/txt/ien19.txt
[2] http://web.mit.edu/Saltzer/www/publications/endtoend/endtoendA4.pdf


OpenPGP_0x87B66B46D9D27A33.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature
___
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area

[Int-area] Continuing the addressing discussion: what is an address anyway?

[Dirk Trossen]

All,

Thanks for the great discussion, following our side meeting at IETF 112, so far.

I wanted to turn the discussion to a key question which not only arose in the 
side meeting already but also in the discussions since, namely "what is an 
address anyway?".

It seems that any answer would very much depend on the viewpoint of those 
wanting to answer the question (e.g., application vs network view). At 
different layers and different parts of the network, addresses may have 
different purposes and (desired) properties. Hence, scoping the possible 
answers is key, so let me try to do so.

Our discussion in the PS/GA drafts has been focused on Internet addressing, so 
scoping the wanted answers to an "Internet address" seems obvious. But our 
discussions so far also suggested that wanting to understand what we (as users) 
want from the network is a key aspect moving forward.

Hence, I would suggest that any answers to the question above ought to be 
guided by what we (as users) want from the network, e.g., in terms of 
reachability, privacy, security, exposure of desired capabilities and possibly 
more.

With that in mind, please let us know your views on this question in an attempt 
to tie our larger discussions back to the question on "addressing".

Best,

Dirk
___
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area

Re: [Int-area] 202201241417.AYC Re: Where/How is the features innovation, happening? Re: 202201152233.AYC

[Jiayihao]

Hello Abe,

0) Sorry I get it confused and assume that the a) Caller-ID and b) “incoming 
caller number” are different things. If b) is part of a), I get it wrong. I 
currently living in China, and my carrier always bring the b) “incoming caller 
number” each time I get a call, so probably still a modern life style : )

1) "... PKI/Certificate ..." is a patch-style tech and it works quite well, ant 
it is true things are different if we built a system from scratch. But is there 
anything you mean behind it that preform equally or better compare to " ...  
PKI/Certificate ...   " (in the context of Caller-ID or others)?

Thanks,
Yihao


From: Abraham Y. Chen 
Sent: 2022年1月25日 3:31
To: Jiayihao 
Cc: int-area@ietf.org; Tom Herbert 
Subject: 202201241417.AYC Re: [Int-area] Where/How is the features innovation, 
happening? Re: 202201152233.AYC
Importance: High

Hi, YiHao:

1)Re: Ur. Pt. 0):I am getting curious. May I ask where are you and how 
old are you? May be not landline. But, cellular mobile phone services always 
have at least the numerical part of the Caller-ID function, due to concerns 
such as who is going to pay for the air-time.

2)Re: Ur. Pts. 1) & 3):Good analysis. As to DNS, it is an unnecessary 
"reverse" effort relative to the white-book practice in the PSTN field.

3)Re: Ur. Pts. 2) & 4):" ...  PKI/Certificate ...   ":I do not 
believe this is necessary if we review the subject from the ground up.

Regards,


Abe (2022-01-24 14:30 EST)




On 2022-01-23 22:11, Jiayihao wrote:
Hello Abe,

0) Really appreciate sharing the story of Call-ID. It is really a fresh term 
and tech to me, and seems I haven’t got a chance to experience the Call-ID 
time. Really good to learn.

1) Based on my rough understanding of Call-ID, it is a classical example of how 
we choice to name an object. Assuming we want to visit the Apple Campus (the 
Headquarters of Apple Inc.) with our Google map, we can type a) Apple Campus 
(Name); b) 1 Infinite Loop, Cupertino, CA 95014 (Locator 1); c) 37.33182°N 
122.03118°W(Locator 2). The only difference is which one people would like to 
use, or which one is more friendly to human in their practice. My understanding 
is that people prefer Name while computer prefer Locator, so usually a system 
would like to provide the Name to users and build a subordinate Mapping system 
as while to corelate the name and the locator. DNS is just a good example we 
use every day.

2) Agree on your insight that authentication to just Call-ID(phone number) do 
not make much sense because it only provide the authentication of Locator, 
while leave the Name, which users are more willing to perceive, 
unauthenticated. I find that IETF STIR wg is working on this topic. Although I 
am not familiar right now, I feel a PKI/Certificate should be involved in order 
to gain practical value.

3) In a peer to peer context, IMHO, the Name based interface is more 
practically valuable compared to Locator based one, just like the name instead 
of phone number in the Call-ID case because the numbers do not offer any 
meaning even it is authenticated.

4) Agree on “….that we must have a "system view"….” and “…Some are not based on 
technology, but business practices or just mentality….”. But I feel there is no 
Silver Bullet and I don’t have an answer yet. It is really enjoyable to discuss 
and I will keep thinking on this.

Many thanks, Abe,
Yihao

From: Abraham Y. Chen 
Sent: 2022年1月17日 1:21
To: Jiayihao 
Cc: int-area@ietf.org; Tom Herbert 

Subject: Re: [Int-area] Where/How is the features innovation, happening? Re: 
202201152233.AYC
Importance: High

Hi, YiHao:

1)"...  I am curious how we can step back a bit as you said. ... current 
privacy are ultimately rely on trust point. ...":I have already outlined 
(perhaps hinted) what is needed to deal with this issue. That is, we have to 
look at the overall environment, not just keep digging deeper into the 
technology itself. No matter how great the technology is, there are always ways 
to get around or to defeat it. Some are not based on technology, but business 
practices or just mentality. In the case of the APPLE refusing to support LE, 
it was the combination of business decision (The LE decided to do it by 
themselves and to look for help from "volunteers") and the technical challenge 
(viewed by "hackers" as fun with reward) that bypassed the "trust point".

2)To demonstrate my point, I would like to share a brief history of a 
related topic, although based on an opposite initial intention, for you to 
compare and to figure out how to deal with the incident privacy / security 
goal. It was a service started with great results, but deteriorated by various 
business considerations and other influences to a point of nearly useless. The 
service was called Caller-ID. When it was first introduced to identify the 

[Int-area] 202201241417.AYC Re: Where/How is the features innovation, happening? Re: 202201152233.AYC

[Abraham Y. Chen]

Hi, YiHao:

1)    Re: Ur. Pt. 0): I am getting curious. May I ask where are you and 
how old are you? May be not landline. But, cellular mobile phone 
services always have at least the numerical part of the Caller-ID 
function, due to concerns such as who is going to pay for the air-time.


2)    Re: Ur. Pts. 1) & 3):    Good analysis. As to DNS, it is an 
unnecessary "reverse" effort relative to the white-book practice in the 
PSTN field.


3)    Re: Ur. Pts. 2) & 4):    " ...  PKI/Certificate ...   ":    I do 
not believe this is necessary if we review the subject from the ground up.


Regards,


Abe (2022-01-24 14:30 EST)




On 2022-01-23 22:11, Jiayihao wrote:


Hello Abe,

0) Really appreciate sharing the story of Call-ID. It is really a 
fresh term and tech to me, and seems I haven’t got a chance to 
experience the Call-ID time. Really good to learn.


1) Based on my rough understanding of Call-ID, it is a classical 
example of how we choice to name an object. Assuming we want to visit 
the Apple Campus (the Headquarters of Apple Inc.) with our Google map, 
we can type a) Apple Campus (Name); b) 1 Infinite Loop, Cupertino, CA 
95014 (Locator 1); c) 37.33182°N 122.03118°W(Locator 2). The only 
difference is which one people would like to use, or which one is more 
friendly to human in their practice. My understanding is that people 
prefer Name while computer prefer Locator, so usually a system would 
like to provide the Name to users and build a subordinate Mapping 
system as while to corelate the name and the locator. DNS is just a 
good example we use every day.


2) Agree on your insight that authentication to just Call-ID(phone 
number) do not make much sense because it only provide the 
authentication of Locator, while leave the Name, which users are more 
willing to perceive, unauthenticated. I find that IETF STIR wg is 
working on this topic. Although I am not familiar right now, I feel a 
PKI/Certificate should be involved in order to gain practical value.


3) In a peer to peer context, IMHO, the Name based interface is more 
practically valuable compared to Locator based one, just like the name 
instead of phone number in the Call-ID case because the numbers do not 
offer any meaning even it is authenticated.


4) Agree on “….that we must have a "system view"….” and “…Some are not 
based on technology, but business practices or just mentality….”. But 
I feel there is no Silver Bullet and I don’t have an answer yet. It is 
really enjoyable to discuss and I will keep thinking on this.


Many thanks, Abe,

Yihao

*From:* Abraham Y. Chen 
*Sent:* 2022年1月17日 1:21
*To:* Jiayihao 
*Cc:* int-area@ietf.org; Tom Herbert 
*Subject:* Re: [Int-area] Where/How is the features innovation, 
happening? Re: 202201152233.AYC

*Importance:* High

Hi, YiHao:

1) "...  I am curious how we can step back a bit as you said. ... 
current privacy are ultimately rely on trust point. ...":    I have 
already outlined (perhaps hinted) what is needed to deal with this 
issue. That is, we have to look at the overall environment, not just 
keep digging deeper into the technology itself. No matter how great 
the technology is, there are always ways to get around or to defeat 
it. Some are not based on technology, but business practices or just 
mentality. In the case of the APPLE refusing to support LE, it was the 
combination of business decision (The LE decided to do it by 
themselves and to look for help from "volunteers") and the technical 
challenge (viewed by "hackers" as fun with reward) that bypassed the 
"trust point".


2)    To demonstrate my point, I would like to share a brief history 
of a related topic, although based on an opposite initial intention, 
for you to compare and to figure out how to deal with the incident 
privacy / security goal. It was a service started with great results, 
but deteriorated by various business considerations and other 
influences to a point of nearly useless. The service was called 
Caller-ID. When it was first introduced to identify the caller for the 
convenience of the called party, it also put a big dent on 
telemarketers. That was because the capability was based on a facility 
inherent in the telephone system that no outsiders could touch. With 
the breakup of the Bell System, the Baby-Bells (There were seven to 
start with. They have gone through the M processes to become one 
AT again!) started to compete against one another. Some marketing 
genius invented the idea of offering (of course with compensation in 
return) big subscribers to customize their Caller-ID messages for 
various purposes, such as announcing sales. -- Note: Thanks to digital 
technology, the telephone switching equipment used by big business 
(called PABX) had become just as powerful as those used by local 
telcos (COs - Central Offices) where Caller-ID information originated. 
This allowed telemarketers (pretty big operations) to masquerade 
behind any phone number desired, such as using the