The Wrongness: Route and Identity
2016-09-25 01:46 by Ian
Of all the species of Wrongness I commonly observe in the wild, the conflation of Route and Identity is of particular concern at layer 7 of the OSI stack.
Route is NOT identity.
Route itself HAS identity. Otherwise, you couldn't distinguish between routes. But of all the properties that might impart identity to a thing, almost all are independent of route.
My phone number is not me. Nor am I my phone number. It is not part of my identity. It is only the identity of the route in the phone network.
Humans have these innate forms of identity: Face, gait, voice, signature.
I am my own identity because of (at minimum) these things that are immediately observable to anyone else.
Because altering those things typically involves an irreversible process, and altering them in a manner that allows for impersonation is nigh impossible, these things are used by our brains to authenticate other people.
My identity is innate. It cannot be revoked. I therefore have a Right to it.
Social Security Numbers cannot possibly be used to identify people. Any attempt to defy or ignore this fact will cause comical unintended consequences. SSNs are not innate to the person. For that reason alone, they are not authenticatable. And since they are the cryptographic equivalent of a *really* shitty pre-shared key that you cannot change or abandon ("Legal name" being the PSK hint), they are useless as authentication tokens.
The phone number is simply a route that I pay monthly for the privilege of monopolizing. That I must pay for it implies it is not innate, therefore not a Right.
The same applies to IP addresses. If identity and route really WERE related, there would be no need for DNS. This is tied to agitations in network engineering circles for Content-defined Networking. It is also the beauty of protocols like Telehash. In those contexts, route and identity are not only formally separated, but means are provided to inter-relate them. By contrast, IP has no notion of identity, beyond that of the route (which is itself a strength).
Just as for my phone number, I pay monthly to monopolize the IP that hosts my webserver. I pay a separate bill to impart an identity of my choosing (a domain name) into the DNS system for the sake of tying an identity (the domain name) to a route (the IP address). If I cared about my identity, I would use a cryptographic notion of identity by putting cryptographic markers on my webserver (to validate the identity), and possibly also at my DNS server (to validate the route).
But really, most traffic to my IP is only for the sake of reading the content stored there. Which is not the identity. Which is not the route.