Re: [arch-d] Proposed IAB program on Wholistic Human-Oriented Discussions on Identity Systems (WHODIS)

Phillip Hallam-Baker <> Sun, 20 August 2023 19:39 UTC

From: Phillip Hallam-Baker <>
Date: Sun, 20 Aug 2023 15:39:13 -0400
To: Toerless Eckert <>
Cc: Hesham ElBakoury <>,
List-Id: open discussion forum for long/wide-range architectural issues <>

On Sun, Aug 20, 2023 at 12:42 AM Toerless Eckert <> wrote:

> As long as we keep e.g.: corporate naming schemes such as eckert-<whatever>
> for all equipment assigned to me at some employer, I am sure that the
> trackers will be happy to have us develop hardly traceable user-identity
> for us as people.
> Translation: tongue in cheek example for how device identity/naming may
> undermine user identity, and that I fear such outcome will be more likely
> if we ignore it in the process we're about to engage in.

That strikes me as an anti-pattern for the reasons you suggest.

I have been trying very hard to avoid exposing device identifiers to
unauthorized parties. But that imposes some very real costs. Consider the
following scenarios which I think are all pretty good cases for identifying
a device:

* Any interaction with a device that has a static IP address on the public
* Alice has 5 devices she uses to log into her employer's SSH systems.

Oh and yes, that first one pretty much busts a great big hole in the
argument IPv6 will make NAT go away. No it will not and it MUST NOT. The
only way to conceal which device I am using is to use some form of NAT.

There are also cases where I definitely don't want my specific device to be
identified. And for some of those I would ideally want to use threshold
techniques so that my phone, watch and laptop all have different shares to
the same signature key. I can prove which device signed a message but
nobody else can without the logs from my threshold service.