IETF Logo Mail Archive

Re: [Din] WSJ article on Identity and Blockchains

Jon Crowcroft <jon.crowcroft@cl.cam.ac.uk> Sun, 08 April 2018 14:20 UTC

Return-Path: <crowcroft@gmail.com>
X-Original-To: din@ietfa.amsl.com
Delivered-To: din@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE55B127444 for <din@ietfa.amsl.com>; Sun, 8 Apr 2018 07:20:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jd9xQkUKrEvu for <din@ietfa.amsl.com>; Sun, 8 Apr 2018 07:20:14 -0700 (PDT)
Received: from mail-wr0-x235.google.com (mail-wr0-x235.google.com [IPv6:2a00:1450:400c:c0c::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97F20126DED for <din@irtf.org>; Sun, 8 Apr 2018 07:20:13 -0700 (PDT)
Received: by mail-wr0-x235.google.com with SMTP id c24so5870771wrc.6 for <din@irtf.org>; Sun, 08 Apr 2018 07:20:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=a9o9q0JVmPUquSNtTL5JKse3oeTaMmYuc4uqM8os3vA=; b=M6mma9aYexUEoHtoFJ7QXLt7QWaBO6Qtibr9UmjKov/rhtw/FOSpv9wfqelNpgIPha Ksfd2KJC9dz78KTy+qQEeXzNDWjXezOzN09fZpyU51RXB5jr9t1QSV/OL8yka2zr+wxD FUui7wIjSGzxEiFL/0T2OcVVx2BgTuoTy9YUtqPOZvA65hns4aIKkugKuY+7TomHjZW+ 6BLBnNbZeNslXY9XRfTIgV5CZldGNTUTUV9naS8azAIUrhAUl9yAN1yEcNj6OllyGKBG EvqkdHyvygZkc+5KDnGkqiDFuWJBDAmlsOTJY+x8AxRM1hLl8S7rIXFKqE8rPoCfDxH2 xM7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=a9o9q0JVmPUquSNtTL5JKse3oeTaMmYuc4uqM8os3vA=; b=lJHW1QNNVpPkpiHN7Fy0S3DdmsjnT7PZ8OQMMqkPfFLYGw57cLW2sla1InbXfQqmXp U3UO6B6E0fwGmj6xc4p3JKhZwlulmH86wLozNziGA6ipwcOxSvF7cZ+X0JS9jy59QhXq hiFkdpsU0qtmI3o07+i4rR/OVhGUSx/+r99esg/zFVmwFL3s463nqIpE4nz18sHgJXHG CMTjYWC789RDrdM366d591yaRM3cSGWNSJUItJF1OuCL+xivfOldreh0C0nJEYo0G7/Z xMS2AH7rjIzPohZwzIa93IUdf8qQy37086GqJ8nrV4tKECFFA+JHYtjUX/EWFL2a8RFT ZmMw==
X-Gm-Message-State: ALQs6tCkVnqrRrJSmwtmVo+ijZFQcwQHdR1jUpMecvAh6gHcJMvGOxII LzbvXiLadXe6eU2HKNcET0Ovnqzrh8jXXmB+fjA=
X-Google-Smtp-Source: AIpwx49stqjJQ+E98RHnP8AQCL/2NhIoRU3BJSVNCKgd+QtnHiBqG5bntZaGYmoIiNZ+1tucbuuxAsg6NQtlAysQUGE=
X-Received: by 10.223.219.10 with SMTP id s10mr4237383wri.241.1523197212043; Sun, 08 Apr 2018 07:20:12 -0700 (PDT)
MIME-Version: 1.0
Sender: crowcroft@gmail.com
Received: by 10.28.167.86 with HTTP; Sun, 8 Apr 2018 07:20:10 -0700 (PDT)
In-Reply-To: <5E393DF26B791A428E5F003BB6C5342AE73FCF8A@OC11EXPO33.exchange.mit.edu>
References: <5E393DF26B791A428E5F003BB6C5342AE73F70FC@OC11EXPO33.exchange.mit.edu> <E1f57in-0004gH-Gx@mta0.cl.cam.ac.uk> <5E393DF26B791A428E5F003BB6C5342AE73FCF8A@OC11EXPO33.exchange.mit.edu>
From: Jon Crowcroft <jon.crowcroft@cl.cam.ac.uk>
Date: Sun, 08 Apr 2018 15:20:10 +0100
X-Google-Sender-Auth: voWVgPUn_JfDNDC5KJlfOe4hzbA
Message-ID: <CAEeTej+Oc1o4ScV9fvZ-1cWb-YUvN7XhHtx9BAV7uB04Htt3=g@mail.gmail.com>
To: Thomas Hardjono <hardjono@mit.edu>
Cc: "din@irtf.org" <din@irtf.org>
Content-Type: multipart/alternative; boundary="883d24f249c4bf2d75056956fcb7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/din/Ne2d7vgYHZTdzhP5OGaWcJZdmtc>
Subject: Re: [Din] WSJ article on Identity and Blockchains
X-BeenThere: din@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion of distributed Internet Infrastructure approaches, aspects such as Service Federation, and underlying technologies" <din.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/din>, <mailto:din-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/din/>
List-Post: <mailto:din@irtf.org>
List-Help: <mailto:din-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/din>, <mailto:din-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Apr 2018 14:20:17 -0000

this al sounds excellent - socially rooted, community operated communities
- all good - we could think of building instances of this on the
infrastructure we've been constructing (i know there are lots of other
people building similar, so this is a bit of gratuitous
self-aggrandizing:), viz
http://www.databoxproject.uk/

there are some decentralisation movements in the certificate space (CA
transparency) as wel as self-certifying address allocation. so I assume
there's some hope for using these to bootstrap the platforms-on-demand,
safely for  communities you're envisaging -

we're definitely on same page here!


On Sun, Apr 8, 2018 at 3:06 PM, Thomas Hardjono <hardjono@mit.edu> wrote:

>
> Thanks Jon.
>
> Aside from the obvious goal of cutting through the current hype about
> "Self-Sovereign Identity" and how Blockchains (BC) will achieve "my
> sovereignty",  we wanted to communicate to the general  reader that the
> problem of "identity" is not so simple.
>
> >>> so you _are_ your social network...in terms of trustworthy
> identity...sure...
>
> No, not so simple, particularly when the social network is FB :-)
>
>
> >>> there's two problems with this though in details...
> >>> i.e. how we build on this idea technically in the Din context...
>
> >>> 1/ its still dependent on technologies,
> >>> and there's a seperate issue of why we trust them to proxy our social
> net -
> >>> i certainly would it find it hard to trust any social media app,
> running on a cloud platform,
> >>> using a smart mobile device, to vouch for all these friends &
> colleagues - too many layers, too many
> >>> vested interests, too much Cambridge Analytica :)
>
> You've hit the nail, as usual - thank you Jon :-)
>
> The question is how to capture/use/protect the human-to-human interaction
> as the basis for trust ("local trust").
>
> Here is an example. So my local town here in the US has a private
> mailing-list for local residents only. I have to attend town meetings
> in-person before I can get on to that mailing-list.
>
> There is no reason why my local town cannot run their own "social
> platform" (we are in the age of VMs, Containers, Clouds).  It must legally
> owned by the town/community, and available to residents only (i.e. who pay
> local tax), etc.
>
> How do we create next-gen architectures/protocols/legal that support local
> communities to interact  on their own "social platform" , and become the
> starting point for "trust" that can scale out (called "local trust" in the
> WSJ paper).
>
>
> I think there is huge role for DIN to help. For the future distributed
> Internet infrastructure, is it possible to have the following:
>
> -- Can my town obtain a "social-platform-on-demand" from a cloud service
> provider.
> -- Can I legally prevent the service-operator from "making use" of my data
> (yes they still may be able to steal my data).
> -- Can I retain legal ownership of my data (same with my town).
> -- Can I encrypt my data on my town's social-platform so that the
> service-operator doesn't steal it.
> -- How to do key management.
> -- How can I use legal smart-contracts to bind the service-operator.
> -- Etc. etc. lots more questions for DIN RG.
>
>
>
> >>> 2/ I though many people in the security community were moving away from
> >>> proving identity, towards systems that prove entitlement (i.e.
> credentials
> >>> are on a need-to-know basis, so if you were say 19, you don't need to
> say yur age or show id,
> >>> but you can't buy a drink in cambridge MA, but you can in cambridge,
> UK :)
>
> Yes, correct. Currently people are focusing on proving entitlements via
> signed assertions. Great, no issue there. But the real question is about
> the *data* and *algorithms* behind those assertions (that impact my life,
> like credit-score):
>
> -- How do I know that an organization has subject-data about me (usual
> questions of "how, what, when, what are you doing to my data").
> -- What is the provenance of the data in their possession  (Did they get
> it from a data-aggregator? Do they even know?)
> -- Does the data set have in-built bias? (not intentionally)
> -- Is the data "fair"  (fairness in the sense of machine learning).
> -- What is the accuracy of the algorithms computed on my data. Does it
> propagate the bias in the data.
> -- Do I get to see the algorithms that impact my life.
> -- Can I hire an expert to provide objective review of these algorithms.
> -- etc. etc. etc.
>
>
>
> >>> bootstrapping something from a BC to provide the credentials is also
> problematic, in that
> >>> BC needs a PKI to know whether nodes are not sybils, spoofs, etc, so
> we have a circular dependance, no?
>
> Yes, agree.  There is need to revisit PKI again, maybe opportunity in DIN
> RG to improve it.
>
> Hashing an identifier (and back-links) to a BC doesn't help the
> identity/trust problems.
> Hashing a pub-key to a BC also doesn't add much.
>
>
> >>> maybe i missed an important step, if so, sorry!
>
> Nope, you are on the right track :-)  Hope you can help solve some these
> problems.
>
> Best.
>
>
> -- thomas --
>
> ________________________________________
> From: Jon Crowcroft [Jon.Crowcroft@cl.cam.ac.uk]
> Sent: Sunday, April 08, 2018 6:38 AM
> To: Thomas Hardjono
> Cc: din@irtf.org; Jon Crowcroft
> Subject: Re: [Din] WSJ article on Identity and Blockchains
>
> very nice article...
>
> so you _are_ your social network...in terms of trustworthy
> identity...sure...
>
> there's two problems with this though in details...
> i.e. how we build on this idea technically in the Din context...
>
> 1/ its still dependent on technologies,
> and there's a seperate issue of why we trust them to proxy our social net -
> i certainly would it find it hard to trust any social media app, running
> on a cloud platform,
> using a smart mobile device, to vouch for all these friends & colleagues -
> too many layers, too many
> vested interests, too much Cambridge Analytica :)
>
> 2/ I though many people in the security community were moving away from
> proving identity, towards systems that prove entitlement (i.e. credentials
> are on a need-to-know basis, so if you were say 19, you don't need to say
> yur age or show id,
> but you can't buy a drink in cambridge MA, but you can in cambridge, UK :)
>
> bootstrapping something from a BC to provide the credentials is also
> problematic, in that
> BC needs a PKI to know whether nodes are not sybils, spoofs, etc, so we
> have a circular dependance, no?
>
> maybe i missed an important step, if so, sorry!
>
>
> > Folks,
> >
> > I thought to share this WSJ article with the DIN group. Relevant in the
> > light of recent interest in using BC for identity.
> >
> > Advance apologies if it offends some people :-)
> >
> > https://blogs.wsj.com/cio/2018/04/03/digital-identity-
> is-broken-heres-a-way-to-fix-it/
> >
> >
> > Below is a link to a PDF version.
> >
> > http://hardjono.mit.edu/sites/default/files/documents/WSJ_
> Digital_Identity_is_Broken.pdf
> >
> >
> > Best
> >
> > -- thomas --
> >
> > _______________________________________________
> > Din mailing list
> > Din@irtf.org
> > https://www.irtf.org/mailman/listinfo/din
> >
>

v2.23.0 | Report a Bug | By Email