IETF Logo Mail Archive

Re: [Din] WSJ article on Identity and Blockchains

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 11 April 2018 20:35 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: din@ietfa.amsl.com
Delivered-To: din@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2071412AF84 for <din@ietfa.amsl.com>; Wed, 11 Apr 2018 13:35:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y0Yiw-9o26Ns for <din@ietfa.amsl.com>; Wed, 11 Apr 2018 13:34:58 -0700 (PDT)
Received: from mail-pf0-x231.google.com (mail-pf0-x231.google.com [IPv6:2607:f8b0:400e:c00::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 148DD1271FD for <din@irtf.org>; Wed, 11 Apr 2018 13:34:58 -0700 (PDT)
Received: by mail-pf0-x231.google.com with SMTP id f15so1643049pfn.0 for <din@irtf.org>; Wed, 11 Apr 2018 13:34:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:subject:to:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=CprcTmn8r9VveZJYVKBEyH14fjDuNJDl3iRCGyWxdrw=; b=o3DE/L33pNtKv5SgkPgG7MW+d61yAaB/j1WSZ9TH6rc82T5SAwqo4wEYe7U1+tHgev bc5q4yXelxfJBltn3RWBZUbiDsVK/e8Qx2kj2KjtknbpKM8fCJ2rqn0VPRNQ5tLZTw5r aHHPNiW2cW1+gP9xeleGivk//0HGkyGRmzZRMjGnOc85UCLx5i1ui6CgWFEdrvbH00AX 95lHLAeSwP/4wAnVUdPzxtwNFY+Itmpx56m0wqsxaSn1dhH0d45c4E3lieVKn97J0Csk qE9jK48R7wxYPtt1gplicBS9Tpdy/VriffOQLo5OABHFXy8hyan1X4r3i0ER7neeXtD3 LUvw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:subject:to:references:from:message-id :date:user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=CprcTmn8r9VveZJYVKBEyH14fjDuNJDl3iRCGyWxdrw=; b=c+hl/Y0WrhjORnSIYYFy6dgPofB7nxYe7eTMec3BYPxXts/JBLRXSUNbU1qOSm2nen BoM/ljqbOeFCIL6sUDvFQmo4OllSb/w77m8vwR0uzyawm2eluTDfI4982j0D5KcNE1xq TCVuxaaa63MNx6BmuO7aR8Gwju/uvVabohMIQcqogIGPAxk0eHhwnC+WfWvxgWlFQPvv 8ciSfVksFZIurpTgKqDkVZ9A1CJDPsOHGssS4OU1zq6poC0TjKQQPQiANORLMLoClezy uVUipWPO6KAGCFjPU1CK3WI8Y68fWkiTknXMB0seEhJV7GWMLtuJsCuXNlrN+W2gG+LD p31A==
X-Gm-Message-State: ALQs6tCaZp2XOV/UxbTi/mtUdvy5v3B7aD2ZxFDQPL9U47DS/YGBerk5 kyxrhB0HhS2YFC+3aUb/2fFJWQ==
X-Google-Smtp-Source: AIpwx4/bOKekeh9iZFKEaQ9txIoZ5M9XI8mKgfksqfm8OuU/uo4k/y171e9R+KZ9Mw9G2cpfVPRFIg==
X-Received: by 10.99.126.92 with SMTP id o28mr4529253pgn.50.1523478897269; Wed, 11 Apr 2018 13:34:57 -0700 (PDT)
Received: from [192.168.178.26] ([118.148.68.60]) by smtp.gmail.com with ESMTPSA id 133sm4205332pfy.113.2018.04.11.13.34.53 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 11 Apr 2018 13:34:56 -0700 (PDT)
Sender: Brian Carpenter <becarpenter46@gmail.com>
To: Thomas Hardjono <hardjono@mit.edu>, David Mazieres expires 2018-07-09 PDT <mazieres-aty9ij5833stt63zi94a3ei2hi@temporary-address.scs.stanford.edu>, "din@irtf.org" <din@irtf.org>
References: <5E393DF26B791A428E5F003BB6C5342AE73F70FC@OC11EXPO33.exchange.mit.edu> <E1f57in-0004gH-Gx@mta0.cl.cam.ac.uk> <CAPaG1Amqd8DehMpvht8zEPzqHg00wqYcUDXb0g-bQebTvbXWzw@mail.gmail.com> <fb88b314-c402-7f39-79ea-01c46fdf16ec@gmail.com> <5E393DF26B791A428E5F003BB6C5342AE7404E4C@OC11EXPO33.exchange.mit.edu> <87h8oimwux.fsf@ta.scs.stanford.edu> <5E393DF26B791A428E5F003BB6C5342AE7408B6D@OC11EXPO33.exchange.mit.edu>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <f0d0d50d-3fbf-aaab-e100-a03e163149b8@gmail.com>
Date: Thu, 12 Apr 2018 08:34:56 +1200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <5E393DF26B791A428E5F003BB6C5342AE7408B6D@OC11EXPO33.exchange.mit.edu>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/din/-2A4OaUj-dXOv2814Y-gAPPQ5tA>
Subject: Re: [Din] WSJ article on Identity and Blockchains
X-BeenThere: din@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion of distributed Internet Infrastructure approaches, aspects such as Service Federation, and underlying technologies" <din.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/din>, <mailto:din-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/din/>
List-Post: <mailto:din@irtf.org>
List-Help: <mailto:din-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/din>, <mailto:din-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Apr 2018 20:35:00 -0000

On 12/04/2018 02:37, Thomas Hardjono wrote:
> 
> Hi David,
> 
> 
>>>>   2. We need some notion of a "symbolic link", so that I can name not
>>>>        just someone else's key, but someone else's name, as that's very
>>>>        powerful.
> 
> Yes the symbolic link is needed, but more importantly (and more difficult) is the binding to the owners person.  How do I know that the person Alice for pubkey X is the same Alice who owns pub key Y.

Do you need to know? Surely what you need to know is what capabilities to
grant to the holder of pubkey X, and what capabilities to grant to the
holder of pubkey Y. Alice might prefer to have disjoint identities for
different purposes. In some countries that might be essential for
personal safety.

   Brian
>>>> These points of course were ones that many of us were making in the
>>>> 1990s.  See, for instance SPKI/SDSI.
> 
> Agree, that was Car Ellison's proposal.
> 
> 
>>>> The blockchain is useful, but sort of orthogonal to the namespace
>>>> itself.  
> 
> Agree.
> 
> 
>>>> What it provides, that we couldn't do before, is the ability to
>>>> voluntarily restrict what you do with your own namespace.  E.g., maybe
>>>> you want to delegate a name and then restrict yourself from revoking it
>>>> without seven days notice.
> 
> Could we use DNSSEC for this? 
> 
> 
> -- thomas -- 
> 
> 
> ________________________________________
> From: David Mazieres [dm-list-ietf-ilc@scs.stanford.edu]
> Sent: Tuesday, April 10, 2018 8:04 PM
> To: Thomas Hardjono; Brian E Carpenter; din@irtf.org
> Subject: Re: [Din] WSJ article on Identity and Blockchains
> 
> Thomas Hardjono <hardjono@mit.edu> writes:
> 
>> Just like there is "autonomous systems" (AS) concept in routing and
>> connected via backbone routing, in the area of identity there needs to
>> be the equivalent of an AS.
> 
> Yes, but obviously AS numbers are centrally allocated and a flat
> namespace.  If we are going to have various identity providers, I would
> argue we need two things unlike AS numbers:
> 
>   1. The identifiers should be self-authenticating (public keys, not
>      integers), so allocation is "self-server," and
> 
>   2. We need some notion of a "symbolic link", so that I can name not
>      just someone else's key, but someone else's name, as that's very
>      powerful.
> 
> These points of course were ones that many of us were making in the
> 1990s.  See, for instance SPKI/SDSI.
> 
>> So anytime I hear about a global blockchain to rule them all, I cringe
>> :-)
> 
> The blockchain is useful, but sort of orthogonal to the namespace
> itself.  What it provides, that we couldn't do before, is the ability to
> voluntarily restrict what you do with your own namespace.  E.g., maybe
> you want to delegate a name and then restrict yourself from revoking it
> without seven days notice.
> 
> David
>

v2.23.0 | Report a Bug | By Email