Re: [arch-d] Proposed IAB program on Wholistic Human-Oriented Discussions on Identity Systems (WHODIS)

Toerless Eckert <tte@cs.fau.de> Wed, 28 June 2023 23:05 UTC

Date: Thu, 29 Jun 2023 01:05:08 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Glenn Deen <rgd.ietf@gmail.com>, Pieter Kasselman <pieter.kasselman=40microsoft.com@dmarc.ietf.org>, "architecture-discuss@ietf.org" <architecture-discuss@ietf.org>
Message-ID: <ZJy8pGbIireZwCH5@faui48e.informatik.uni-erlangen.de>
References: <CADNypP_csCfe1W4ZMUhtQkurDKS+=FBDiGY7OaW4b37ipoKckQ@mail.gmail.com> <e553cc3e-5c3e-46e9-baf1-fe41af2e90c1@betaapp.fastmail.com> <CADNypP8WPOoPkFfn5o-dbRB50bXRT2yvhA6Y18RcrkRsJLb14w@mail.gmail.com> <4a2c5184-692b-4e2c-b1e8-7e480c60e897@betaapp.fastmail.com> <DBAPR83MB0422C8933498E0924D2C7F1B9124A@DBAPR83MB0422.EURPRD83.prod.outlook.com> <f669ff24-b9de-f320-4aae-b403903a74aa@huitema.net> <ZJyCp059sflHuQjb@faui48e.informatik.uni-erlangen.de> <CABcZeBP57fQjT2XJDvq1_Cy-wzSMP-oEwYy_0DHWmu1Qzztz0Q@mail.gmail.com> <E5C75D80-DF06-4A6B-81B6-AE834BA6696D@gmail.com> <CABcZeBPyrLmA6EGdRQ4g1g+qycaUu4jWoHwaRios5A-84Kn-Sg@mail.gmail.com>
In-Reply-To: <CABcZeBPyrLmA6EGdRQ4g1g+qycaUu4jWoHwaRios5A-84Kn-Sg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/i9Gh6frWOI6gO8G1TBWKZKk7izU>
Subject: Re: [arch-d] Proposed IAB program on Wholistic Human-Oriented Discussions on Identity Systems (WHODIS)

"All difficult crypto problems can be solved with a sufficient number of trusted third parties."

;-))

(not sure who said it first, I heard it first from KennyP).


On Wed, Jun 28, 2023 at 12:13:36PM -0700, Eric Rescorla wrote:
> Yes, I agree that that's what you want, but I don't think it's feasible for
> the reasons I indicated, which is that they inevitably end up with some sort
> of description of your identity. Now, it's true that a photo isn't as
> convenient a lookup key as a name, but facial recognition is quite powerful
> and getting more so all the time.
> 
> -Ekr
> 
> 
> On Wed, Jun 28, 2023 at 12:11 PM Glenn Deen <rgd.ietf@gmail.com> wrote:
> 
> >
> >
> > On Jun 28, 2023, at 12:06 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> >
> > On Wed, Jun 28, 2023 at 11:58 AM Toerless Eckert <tte@cs.fau.de> wrote:
> >
> >> +1. Well said.
> >>
> >> IMHO, such credential solutions are not only a challenge but also an
> >> opportunity for work in IETF. Such as for anonymized authorizations.
> >>
> >> E.g.: Imagine, instead of having to show a driver's license when buying
> >> alcohol (where, in the worst case, the driver's license is scanned and
> >> abused for identity fraud), you perform an anonymous authorization that
> >> you are over 18 by NFC via your cell phone.
> >>
> >
> > Now we are getting into the actual work, but I think this is a pretty good
> > example of the limitations of this kind of anonymous credential.
> >
> > For instance, if you are at a bar and you want to purchase alcohol, the
> > person selling it to you needs to know that the person in front of them is
> > old enough. It's not enough to just show them a zero-knowledge proof that
> > your phone has a credential proving that you are over 18 (21 in the US);
> > you actually need to prove that the person in front of them is over age,
> > which means that the proof has to be tied to a biometric (typically a
> > photo). But at that point, the biometric is usable for facial recognition
> > even if your name is hidden.
> >
> > See https://educatedguesswork.org/posts/vaccine-passport-anon/ for some
> > more on this general topic, though more about COVID.
> >
> > The systems where this kind of selective proof technology works better are
> > those where what's being authenticated is some sort of digital operation.
> > For instance, you might want to prove you are a Netflix subscriber but not
> > have Netflix know who is watching what videos. This works because the
> > credential is just tied to your device, not to you personally (yes, I know
> > it's more complicated than this). But it works less well when you have to
> > avoid attacks where one person impersonates another.
> >
> > -Ekr
> >
> >
> > In addition to the trusted assertion of age threshold validity, you'd also
> > like to be able to keep the challenger from collecting your personal
> > information, or anyone using the age challenge to collect that you
> > personally were in the bar and what you did there.
> >
> > -glenn
> >

-- 
---
tte@cs.fau.de
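The age-check exchange discussed in this thread, as an added example that is not part of the original message or any IETF work: a minimal salted-hash selective-disclosure credential in the style of SD-JWT or mDL. The issuer signs only per-attribute digests, the holder forwards the (salt, value) pairs it chooses to reveal, and the verifier checks them against the signed list. Assumptions: HMAC stands in for the issuer's asymmetric signature so the code runs with the standard library; an issuer-asserted `age_over_18` flag replaces a range proof over the birthdate; a `photo_sha256` attribute stands in for the biometric binding; `issue`, `present`, `verify` and `bar_check` are names chosen here. The point it makes concrete is the one above: the name and birthdate stay hidden, but an in-person check still has to disclose the photo.

```python
import hashlib
import hmac
import json
import secrets

# Constructed issuer key. HMAC stands in for the issuer's signature here so the
# example runs with the standard library only; a real issuer would sign with an
# asymmetric key so that verifiers cannot mint credentials of their own.
ISSUER_KEY = secrets.token_bytes(32)


def _digest(salt: str, name: str, value) -> str:
    """Commit to one attribute as H(salt, name, value). The random salt keeps a
    verifier from recovering low-entropy values (a boolean, a birthdate) by
    guessing from the digest alone."""
    data = json.dumps([salt, name, value], separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def issue(attributes: dict, issuer_key: bytes = ISSUER_KEY):
    """Issuer side: salt and hash every attribute, sign only the digest list.
    Returns the signed credential and the holder-only disclosures."""
    disclosures = {}
    digests = []
    for name, value in attributes.items():
        salt = secrets.token_hex(16)
        disclosures[name] = (salt, value)
        digests.append(_digest(salt, name, value))
    digests.sort()  # position in the list carries no information
    payload = json.dumps(digests, separators=(",", ":")).encode()
    signature = hmac.new(issuer_key, payload, hashlib.sha256).hexdigest()
    return {"digests": digests, "sig": signature}, disclosures


def present(credential: dict, disclosures: dict, reveal: list) -> dict:
    """Holder side: forward the signed digest list plus only the chosen
    (salt, value) pairs. Every other attribute stays hidden."""
    return {
        "credential": credential,
        "disclosed": {name: disclosures[name] for name in reveal},
    }


def verify(presentation: dict, issuer_key: bytes = ISSUER_KEY):
    """Verifier side: check the issuer signature over the digest list, then
    check each disclosed pair against it. Returns the revealed attributes,
    or None if the signature or any disclosure fails."""
    cred = presentation["credential"]
    payload = json.dumps(cred["digests"], separators=(",", ":")).encode()
    expected = hmac.new(issuer_key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cred["sig"]):
        return None
    revealed = {}
    for name, (salt, value) in presentation["disclosed"].items():
        if _digest(salt, name, value) not in cred["digests"]:
            return None
        revealed[name] = value
    return revealed


def bar_check(presentation: dict):
    """Policy a clerk's terminal would apply: the age flag must be disclosed
    and true, and a photo binding must be disclosed so the clerk can compare
    it with the person in front of them. Returns (allowed, what_was_learned)."""
    revealed = verify(presentation)
    if revealed is None:
        return False, None
    allowed = revealed.get("age_over_18") is True and "photo_sha256" in revealed
    return allowed, revealed


if __name__ == "__main__":
    # Constructed sample credential. age_over_18 is asserted by the issuer, as
    # mDL-style age_over_NN flags are, so the birthdate never has to be shown.
    cred, disc = issue({
        "name": "Example Holder",
        "birthdate": "2000-01-01",
        "age_over_18": True,
        "photo_sha256": hashlib.sha256(b"constructed photo bytes").hexdigest(),
    })
    ok, learned = bar_check(present(cred, disc, ["age_over_18", "photo_sha256"]))
    print("allowed:", ok)
    print("verifier learned:", learned)  # no name, no birthdate, but the photo
    # The age flag alone cannot be tied to the person standing at the counter.
    print("age flag alone:", bar_check(present(cred, disc, ["age_over_18"]))[0])
```

Two properties of this construction are worth noticing against the thread. First, the photo digest the clerk receives is exactly the artefact that makes the presentation usable for facial recognition, name or no name. Second, the signed digest list is identical in every presentation, so two verifiers, or one bar over two visits, can link them; that is the collection risk Glenn describes. Deployed designs reduce it by issuing batches of single-use credentials or by using signature schemes (BBS-style) whose presentations are unlinkable, which this hash-based toy does not attempt.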