Re: [arch-d] Proposed IAB program on Wholistic Human-Oriented Discussions on Identity Systems (WHODIS)

[Toerless Eckert <tte@cs.fau.de>]

As long as we keep e.g.: corporate naming schemes such as eckert-<whatever>
for all equipment assigned to me at some employer, i am sure that the
trackers will be happy to have us develop hardly tracable user-identity
for us as people. 

Translation: tongue in cheek example for how device identity/naming may undermine
user identity, and that i fear such outcome will be more likely if we ignore it
in the process we're about to engage in.

But i think this is just a reminder of what i think Eliot brought up when
starting this whole sub-thread.

Cheers
    Toerless

On Sat, Aug 19, 2023 at 09:00:42PM -0400, Phillip Hallam-Baker wrote:
> On Sat, Aug 19, 2023 at 8:22 PM Hesham ElBakoury <helbakoury@gmail.com>
> wrote:
> 
> > Is there a decision regarding whether device identity should be included
> > in the program or not for device-to-device and device-to-network?
> >
> > Thanks
> >
> That is a good question at many levels.
> 
> First off, we did have a working solution for establishing corporate
> identity on the Web for almost 20 years. Some of that work is still
> relevant to attempting to credential or identify people. And understanding
> why attempts to extend the WebPKI model to people failed is also relevant.
> 
> Secondly, I think we need to take device identity separate from service and
> user identity. These should be considered separate concerns.
> 
> 
> Let's consider the case where Alice is going to use a site hosted on
> MegaSite which has 2000 domains on the same IPv4 address. We would like to
> encrypt the initial contact so Eve doesn't know which one. There are two
> ways we can do this. One is to delay notice of the service we want to
> connect to until after we have received a public key, i.e. the second IP
> packet. The other is to stuff a public key into the DNS.
> 
> In either case, that public key is really a host public key, not a service
> public key.
> 
> 
> When looking at the next generation of security solutions, I believe we are
> going to be focused on separation of roles, one technique for that is
> threshold of course but it isn't the only one. Cryptographic hygiene, using
> separate keys for separate applications, being able to track back
> administration actions to specific individuals and specific devices becomes
> critical.
> 
> For example, Alice has her car broken into and her laptop stolen. The
> attacker may have been able to bypass the authentication on the device and
> SSH into the machines Alice administers. But did they? Only way to be sure
> is if we have logs that show which actual device connected and that means
> Alice using a different SSH key for each device.

> _______________________________________________
> Architecture-discuss mailing list
> Architecture-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/architecture-discuss


-- 
---
tte@cs.fau.de