IETF Logo Mail Archive

Re: [arch-d] Proposed IAB program on Wholistic Human-Oriented Discussions on Identity Systems (WHODIS)

John Levine <johnl@taugh.com> Thu, 29 June 2023 17:54 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F625C14CE42 for <architecture-discuss@ietfa.amsl.com>; Thu, 29 Jun 2023 10:54:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.846
X-Spam-Level:
X-Spam-Status: No, score=-1.846 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b="w2sBy+Oc"; dkim=pass (2048-bit key) header.d=taugh.com header.b="ASS64ipC"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 40O2iwBwknMW for <architecture-discuss@ietfa.amsl.com>; Thu, 29 Jun 2023 10:54:27 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A118AC14CF13 for <architecture-discuss@ietf.org>; Thu, 29 Jun 2023 10:54:27 -0700 (PDT)
Received: (qmail 36464 invoked from network); 29 Jun 2023 17:54:26 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=8e6c.649dc552.k2306; bh=3+DQQchWOz17QhFFE/3LnBif5iPXT4YnWRTG+7E9mrE=; b=w2sBy+OcrMV+CM6yL2xMVGzuOq+tjD9qVLZYRhTSAfL2baNsFu1m0Yz8+nq3FA7ydBeB/IoYZS3/uiS9P+StiQ/tb0fYx6wHwKs0kkSDvbYP2lGhcRB6/D35QpLyLmv8a1g/Ytw+f+Q+1m6d9YdwvL7DiW55IZuFLarQ0W0B+aT7WFAnftJyxMSypj7iHmju2cWcSMFYOAsypja21sR2JKOm0GLvDkYBtD0IwBdHm7EIRekhsEtrgiTZhgQV+DzZfi1oxg1jptsIaY9Z5KKR4rQJJAFcJwgUFd76rKo72fVz47SHIy/paMRdxiM4vbtT9WxZjwb6SsKfdR/H74Fq3A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=8e6c.649dc552.k2306; bh=3+DQQchWOz17QhFFE/3LnBif5iPXT4YnWRTG+7E9mrE=; b=ASS64ipCM26rbZQHnvKsy8mj2/pFJRSO3Bm5o/vAugk5uDHB2Fbb027JMeYE7F9RCGDECkj/EgZuSjZ4en/C3NjQQfB3+h3L0to1Yu3HajFfn80FyJjcf6HrHAg6icFUd7UZ7prLbhWA5DYK3+wLHno/Q/x3AYXCGMXdiEQsW5a1i7OdK2jcxlWdy6HuqeaaX2t4TTIJG/EBmeqeCD7EFOVyrPawfve+UHXdOJ53W3XYCu0HzBwFFc8G1vobQ/NprSaNdUumC7DQn69ulqA0p8s9WGrlB18aaX2Si6p2LhDRL4ZOvftcEuRmDPkMkxLXb6b3qRgsxIjPwoq+2EUQow==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.3 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 29 Jun 2023 17:54:26 -0000
Received: by ary.qy (Postfix, from userid 501) id 9517EFD1E5D9; Thu, 29 Jun 2023 13:54:25 -0400 (EDT)
Date: Thu, 29 Jun 2023 13:54:25 -0400
Message-Id: <20230629175425.9517EFD1E5D9@ary.qy>
From: John Levine <johnl@taugh.com>
To: architecture-discuss@ietf.org
Cc: tte@cs.fau.de
In-Reply-To: <ZJy7d0CjipV0s1SF@faui48e.informatik.uni-erlangen.de>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/N0q5Iw5-UguO3mMeCQEHhgLQK-0>
Subject: Re: [arch-d] Proposed IAB program on Wholistic Human-Oriented Discussions on Identity Systems (WHODIS)
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jun 2023 17:54:32 -0000

It appears that Toerless Eckert  <tte@cs.fau.de> said:
>Might not even need to have biometric verification if one assumes (IMHO rightfully so),
>that the chance of borrowing cell phones to someone else is pretty slim. And even slimmer
>when one puts some less intrusive incentives onto the cell phone to to not borrow them
>for such purpose.

Um, were you ever a teenager?

I can imagine ways to do this that mitigate the privacy risk but only
with a TTP at some point. For example, there's a device at the bar
that takes your picture and sends it to the phone using NFC along with
the minimum admission age. The phone compares the picture to the one
stored internally, and returns a yes/no result with a chain of
signatures back to the TTP so the bar's device knows it's credible.
(Yeah, they have your picture, but they don't need any fancy equipment
to take pictures of everyone who comes in.  They don't have your name or
anything other than the yes/no that you're the same person and you are
at least the required age.)

The automated immigration machines at Canadian airports do something
like this although the master photo is in their database, not on the
card.

But this is subtle and I agree both that it is worth thinking about
and that the scope of inquiry needs to be firmly limited to avoid
ocean boiling.

R's,
John

v2.23.0 | Report a Bug | By Email