Re: [Din] WSJ article on Identity and Blockchains
Jehan Tremback <jehan@altheamesh.com> Mon, 23 April 2018 19:10 UTC
Return-Path: <jehan@altheamesh.com>
X-Original-To: din@ietfa.amsl.com
Delivered-To: din@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDF26126C0F for <din@ietfa.amsl.com>; Mon, 23 Apr 2018 12:10:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.935
X-Spam-Level:
X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rRYwMiAQQLWB for <din@ietfa.amsl.com>; Mon, 23 Apr 2018 12:10:18 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF25D126B6E for <din@irtf.org>; Mon, 23 Apr 2018 12:10:18 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 0FED621A21 for <din@irtf.org>; Mon, 23 Apr 2018 15:10:18 -0400 (EDT)
Received: from web4 ([10.202.2.214]) by compute6.internal (MEProxy); Mon, 23 Apr 2018 15:10:18 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=tpixBV A8YqWb/DLvhsvTCLViHFNkGA942yjnzRl1C7Q=; b=c5dd/VUqNxzupMCoCYbA3s e0pCqVP5J44J8kO9Nl91v/q0SZyC3l8QYs5spJ+YiUD4i5jwQcDUssyxTxTTKsQa Jmh5TCujg4QWJFEaS/+DObyI+jhZEyHA9tQxZvsuIGEjUbSgyKekcF0RGeOHbges wOz31r27VDCA/YKMPLz5dd9YaQSTaN5jYH9BE2VSSC6bcjHbsfD23YJv7Gycbqm8 Ykt2KoEOs/aA/IYEtlD+SwqW73ZiK8unzvT0QOy0NE8IOR+7VPj/4gqMh44DkOFS +UY/2YMI8Uh1+a0ifYTXmHmlqY0xUNaGPgkxuSOoWtGkagqSlXHkgmJl9LWq+Z6Q ==
X-ME-Sender: <xms:mS_eWvR6cSSo3h5XOtRXYCkVJ6bVwtnufFyoDqt_lmwYj9eV7_2trQ>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id DB56EBA780; Mon, 23 Apr 2018 15:10:17 -0400 (EDT)
Message-Id: <1524510617.1799095.1348018112.59AF727D@webmail.messagingengine.com>
From: Jehan Tremback <jehan@altheamesh.com>
To: din@irtf.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-f3006b89
Date: Mon, 23 Apr 2018 12:10:17 -0700
In-Reply-To: <8dae9467-f190-6903-56d8-99a7effd4954@gmail.com>
References: <5E393DF26B791A428E5F003BB6C5342AE73F70FC@OC11EXPO33.exchange.mit.edu> <E1f57in-0004gH-Gx@mta0.cl.cam.ac.uk> <CAPaG1Amqd8DehMpvht8zEPzqHg00wqYcUDXb0g-bQebTvbXWzw@mail.gmail.com> <fb88b314-c402-7f39-79ea-01c46fdf16ec@gmail.com> <CAPaG1A=uRzy53zY2LFe6+EnNP2k8aheaAtNm9kXG3MDqU7pU1g@mail.gmail.com> <8dae9467-f190-6903-56d8-99a7effd4954@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/din/JKeAMYqnkqYSZk0fh1c9qu4tRho>
Subject: Re: [Din] WSJ article on Identity and Blockchains
X-BeenThere: din@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion of distributed Internet Infrastructure approaches, aspects such as Service Federation, and underlying technologies" <din.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/din>, <mailto:din-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/din/>
List-Post: <mailto:din@irtf.org>
List-Help: <mailto:din-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/din>, <mailto:din-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Apr 2018 19:10:21 -0000
As far as I understand the use-case of blockchain in KYC (from the perspective of someone who is vouching for an identity), the main thing is that you can sign off that someone meets some standard of identification (they have a certain address, net worth, etc) and then put it on the blockchain. Of course you could also just give them the signature to present when they need to use it. But putting it on the blockchain allows you to revoke it later. -- Jehan Tremback jehan@altheamesh.com On Sun, Apr 22, 2018, at 7:29 PM, Brian E Carpenter wrote: > Arjuna > > On 16/04/2018 20:42, Arjuna Sathiaseelan wrote: > > this is something we are working on via https://www.verif-y.com/ > > "The Verif-y KYC service allows businesses utilizing blockchain > technology to trust unknown customers and token purchasers in an > efficient, auditable and secure manner." > > I'm confused. KYC is largely about detecting money laundering, and other > malfeasance, so the last thing a KYC desk cares about is unknown > customers. On the contrary, they want to know the legal identity of the > customer and of the source of funds. Direct access to PII is part of the > process. > > Believe me, I've been there, not 10 km from cl.cam.ac.uk, when my bank > tried to cut me off from my money soon after I relocated from Auckland > to Cambridge in 2012. Somehow they had failed to update my residence > address and I had to get documents certified and rubber-stamped at > Cambridge police station, and sent by snail mail to the bank's KYC desk, > before we got our money back. How does block chain solve that? (Not a > rhetorical question; I would really like to understand.) > > Brian > > > > > hope to get some experiences and I would share here for sure. > > > > Regards > > > > On 9 April 2018 at 02:44, Brian E Carpenter <brian.e.carpenter@gmail.com> > > wrote: > > > >> On 09/04/2018 10:28, Arjuna Sathiaseelan wrote: > >>>> > >>>> 2/ I though many people in the security community were moving away from > >>>> proving identity, towards systems that prove entitlement (i.e. > >> credentials > >>>> are on a need-to-know basis, so if you were say 19, you don't need to > >> say > >>>> yur age or show id, > >>>> but you can't buy a drink in cambridge MA, but you can in cambridge, UK > >> :) > >>>> > >>> > >>> digital id plays a major role for all the KYC/AML - massive market.. + > >> for > >>> employment etc.. > >> > >> Right, but *international* digital ID is a hopeless mess. Just try dealing > >> with a USA bank's KYC department when living in New Zealand with a UK > >> passport. Nothing works. > >> > >> That isn't a marginal case. Tens or hundreds of millions of people > >> would need cross-border digital ID these days. Sales argument: would > >> help to defeat money laundering. > >> > >> Brian > >> > >>> like the idea of proving entitlement - works nicely with crypto > >>> charities/aid delivery.. > >>> > >>> Regards > >>> > >>> > >>> > >>> > >>>> bootstrapping something from a BC to provide the credentials is also > >>>> problematic, in that > >>>> BC needs a PKI to know whether nodes are not sybils, spoofs, etc, so we > >>>> have a circular dependance, no? > >>>> > >>>> maybe i missed an important step, if so, sorry! > >>>> > >>>> > >>>>> Folks, > >>>>> > >>>>> I thought to share this WSJ article with the DIN group. Relevant in the > >>>>> light of recent interest in using BC for identity. > >>>>> > >>>>> Advance apologies if it offends some people :-) > >>>>> > >>>>> https://blogs.wsj.com/cio/2018/04/03/digital-identity- > >>>> is-broken-heres-a-way-to-fix-it/ > >>>>> > >>>>> > >>>>> Below is a link to a PDF version. > >>>>> > >>>>> http://hardjono.mit.edu/sites/default/files/documents/WSJ_ > >>>> Digital_Identity_is_Broken.pdf > >>>>> > >>>>> > >>>>> Best > >>>>> > >>>>> -- thomas -- > >>>>> > >>>>> _______________________________________________ > >>>>> Din mailing list > >>>>> Din@irtf.org > >>>>> https://www.irtf.org/mailman/listinfo/din > >>>>> > >>>> _______________________________________________ > >>>> Din mailing list > >>>> Din@irtf.org > >>>> https://www.irtf.org/mailman/listinfo/din > >>>> > >>> > >>> > >>> > >>> > >>> > >>> _______________________________________________ > >>> Din mailing list > >>> Din@irtf.org > >>> https://www.irtf.org/mailman/listinfo/din > >>> > >> > >> _______________________________________________ > >> Din mailing list > >> Din@irtf.org > >> https://www.irtf.org/mailman/listinfo/din > >> > > > > > > > > _______________________________________________ > Din mailing list > Din@irtf.org > https://www.irtf.org/mailman/listinfo/din
- [Din] WSJ article on Identity and Blockchains Thomas Hardjono
- Re: [Din] WSJ article on Identity and Blockchains Brian E Carpenter
- Re: [Din] WSJ article on Identity and Blockchains Jon Crowcroft
- Re: [Din] WSJ article on Identity and Blockchains Thomas Hardjono
- Re: [Din] WSJ article on Identity and Blockchains Jon Crowcroft
- Re: [Din] WSJ article on Identity and Blockchains Thomas Hardjono
- Re: [Din] WSJ article on Identity and Blockchains Arjuna Sathiaseelan
- Re: [Din] WSJ article on Identity and Blockchains Brian E Carpenter
- Re: [Din] WSJ article on Identity and Blockchains Thomas Hardjono
- Re: [Din] WSJ article on Identity and Blockchains Diego R. Lopez
- Re: [Din] WSJ article on Identity and Blockchains Brian E Carpenter
- Re: [Din] WSJ article on Identity and Blockchains David Mazieres
- Re: [Din] WSJ article on Identity and Blockchains Thomas Hardjono
- Re: [Din] WSJ article on Identity and Blockchains Brian E Carpenter
- Re: [Din] WSJ article on Identity and Blockchains David Mazieres
- Re: [Din] WSJ article on Identity and Blockchains Arjuna Sathiaseelan
- Re: [Din] WSJ article on Identity and Blockchains Brian E Carpenter
- Re: [Din] WSJ article on Identity and Blockchains Jehan Tremback
- Re: [Din] WSJ article on Identity and Blockchains Brian E Carpenter
- Re: [Din] WSJ article on Identity and Blockchains Jehan Tremback