Re: [arch-d] Proposed IAB program on Wholistic Human-Oriented Discussions on Identity Systems (WHODIS)

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 28 June 2023 23:52 UTC


Not just crypto.

Most security problems become easy if you introduce a party considered 100%
trustworthy: crowd sourced reviews, police, etc. etc.

One of the main reasons I loathe the term 'zero trust' is that it
encourages people to do the exact opposite of what it is supposed to be
about and simply deny, deny, deny the fact that a party is trusted and that
there must always be trusted parties rather than think about how to manage
that trust through separation of roles and accountability.

On Wed, Jun 28, 2023 at 7:05 PM Toerless Eckert <tte@cs.fau.de> wrote:

>
> "All difficult crypto problems can be solved with a sufficient number of
> trusted third parties."
>
> ;-))
>
> (not sure who said it first, i heard it first from KennyP).
>
>
> On Wed, Jun 28, 2023 at 12:13:36PM -0700, Eric Rescorla wrote:
> > Yes, I agree that that's what you want, but I don't think it's feasible
> > for the reasons I indicated, which is that they inevitably end up with
> > some sort of description of your identity. Now, it's true that a photo
> > isn't as convenient a lookup key as a name, but facial recognition is
> > quite powerful and getting more so all the time.
> >
> > -Ekr
> >
> >
> > On Wed, Jun 28, 2023 at 12:11 PM Glenn Deen <rgd.ietf@gmail.com> wrote:
> >
> > >
> > >
> > > On Jun 28, 2023, at 12:06 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> > >
> > > On Wed, Jun 28, 2023 at 11:58 AM Toerless Eckert <tte@cs.fau.de> wrote:
> > >
> > >> +1. Well said.
> > >>
> > >> IMHO, such credential solutions are not only a challenge but also an
> > >> opportunity for work in IETF. Such as for anonymized authorizations.
> > >>
> > >> E.g.: Imagine instead of having to show a driver's license when buying
> > >> alcohol and worst case the driver's license is scanned and abused for
> > >> identity fraud. Instead you perform an anonymous authorization that you
> > >> are over 18 by NFC via your cell phone.
> > >>
> > >
> > > Now we are getting into the actual work, but I think this is a pretty
> > > good example of the limitations of this kind of anonymous credential.
> > >
> > > For instance, if you are at a bar and you want to purchase alcohol, the
> > > person selling it to you needs to know that the person in front of them
> > > is old enough. It's not enough to just show them a zero-knowledge proof
> > > that your phone has a credential proving that you are over 18 (21 in
> > > the US); you actually need to prove that the person in front of them is
> > > over age, which means that the proof has to be tied to a biometric
> > > (typically a photo). But at that point, the biometric is usable for
> > > facial recognition even if your name is hidden.
> > >
> > > See https://educatedguesswork.org/posts/vaccine-passport-anon/ for some
> > > more on this general topic, though more about COVID.
> > >
> > > The systems where this kind of selective proof technology works better
> > > are those where what's being authenticated is some sort of digital
> > > operation. For instance, you might want to prove you are a Netflix
> > > subscriber but not have Netflix know who is watching what videos. This
> > > works because the credential is just tied to your device, not to you
> > > personally (yes, I know it's more complicated than this). But it works
> > > less well when you have to avoid attacks where one person impersonates
> > > another.
> > >
> > > -Ekr
> > >
> > >
> > > In addition to the trusted assertion of age threshold validity, you'd
> > > also like to be able to keep the challenger from collecting your
> > > personal information, or anyone using the age challenge to collect that
> > > you personally were in the bar and what you did there.
> > >
> > > -glenn
> > >
>
> --
> ---
> tte@cs.fau.de
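The selective-disclosure credential that Toerless's over-18 example and Ekr's reply turn on, as an added illustration that is not part of this thread or anyone's project: the issuer signs salted commitments to each attribute, the holder opens only what the verifier needs, and the in-person case must also open the photo, which then becomes a stable lookup key linking two presentations even though the name stays hidden. The example assumes an HMAC standing in for the issuer's signature and batch-issued, single-use credentials, so the signature itself does not link presentations; all keys and holder data are constructed.

```python
import hashlib, hmac, json, os
# Constructed stand-in for the issuer's signing key (a real issuer would sign
# with a public key; an HMAC keeps the example self-contained).
ISSUER_KEY = b"constructed-issuer-key-for-illustration"

def _commit(name, value, salt_hex):
    # Salted hash of one attribute; the salt keeps hidden attributes unguessable.
    data = bytes.fromhex(salt_hex) + json.dumps([name, value]).encode()
    return hashlib.sha256(data).hexdigest()

def issue(attributes):
    """Issuer: commit to every attribute with a fresh salt, sign only the
    commitments. Assumed: credentials are batch-issued and each is presented
    once, so the signature itself does not link two presentations."""
    salts = {k: os.urandom(16).hex() for k in attributes}
    commitments = {k: _commit(k, v, salts[k]) for k, v in attributes.items()}
    signed = json.dumps(commitments, sort_keys=True).encode()
    tag = hmac.new(ISSUER_KEY, signed, hashlib.sha256).hexdigest()
    return {"commitments": commitments, "tag": tag,
            "salts": salts, "values": dict(attributes)}

def present(cred, reveal):
    """Holder: hand over the signed commitments but open only the attributes
    named in `reveal` (value plus salt); everything else stays hidden."""
    return {"commitments": cred["commitments"], "tag": cred["tag"],
            "disclosed": {k: [cred["values"][k], cred["salts"][k]] for k in reveal}}

def verify(pres):
    """Verifier: check the issuer tag, then that every opened value matches
    its commitment. Returns the disclosed attributes, or None on failure."""
    signed = json.dumps(pres["commitments"], sort_keys=True).encode()
    expected = hmac.new(ISSUER_KEY, signed, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pres["tag"]):
        return None
    disclosed = {}
    for k, (v, salt) in pres["disclosed"].items():
        if _commit(k, v, salt) != pres["commitments"].get(k):
            return None
        disclosed[k] = v
    return disclosed

def shared_disclosures(pres_a, pres_b):
    """Attributes opened with identical values in two presentations: a shared
    boolean says little, but a shared photo digest is a stable lookup key."""
    a, b = verify(pres_a) or {}, verify(pres_b) or {}
    return {k for k in a if k in b and a[k] == b[k]}

# Constructed holder attributes; the photo stands in as a digest of its bytes.
HOLDER = {"name": "A. Example", "dob": "1990-05-04", "age_over_18": True,
          "photo": hashlib.sha256(b"constructed-photo-bytes").hexdigest()}
```

Two bar visits with fresh credentials still share the photo digest, while two device-only age proofs share nothing identifying; a forged opening or a tampered tag makes `verify` return None.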