Re: [Din] WSJ article on Identity and Blockchains

Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 23 April 2018 22:48 UTC

To: Jehan Tremback <jehan@altheamesh.com>, din@irtf.org
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <5b0a095f-dbc9-de1d-b317-82d14fd4baa0@gmail.com>
Date: Tue, 24 Apr 2018 10:48:54 +1200
Archived-At: <https://mailarchive.ietf.org/arch/msg/din/qBVBD0eCgjxmY4K3l8g1p2hPlRU>

On 24/04/2018 07:10, Jehan Tremback wrote:
> As far as I understand the use-case of blockchain in KYC (from the perspective of someone who is vouching for an identity), the main thing is that you can sign off that someone meets some standard of identification (they have a certain address, net worth, etc) and then put it on the blockchain. Of course you could also just give them the signature to present when they need to use it.
> 
> But putting it on the blockchain allows you to revoke it later.

Yes. But it was the "unknown" in "trust unknown customers and token purchasers" that puzzled me on the verif-y.com site. As you imply, KYC is about *knowing* your customer.

If it said "identify and trust new customers and token purchasers" I would not have asked my question.

   Brian

> 
> -- 
>   Jehan Tremback
>   jehan@altheamesh.com
> 
> On Sun, Apr 22, 2018, at 7:29 PM, Brian E Carpenter wrote:
>> Arjuna
>>
>> On 16/04/2018 20:42, Arjuna Sathiaseelan wrote:
>>> this is something we are working on via https://www.verif-y.com/
>>
>> "The Verif-y KYC service allows businesses utilizing blockchain 
>> technology to trust unknown customers and token purchasers in an 
>> efficient, auditable and secure manner."
>>
>> I'm confused. KYC is largely about detecting money laundering, and other 
>> malfeasance, so the last thing a KYC desk cares about is unknown 
>> customers. On the contrary, they want to know the legal identity of the 
>> customer and of the source of funds. Direct access to PII is part of the 
>> process.
>>
>> Believe me, I've been there, not 10 km from cl.cam.ac.uk, when my bank 
>> tried to cut me off from my money soon after I relocated from Auckland 
>> to Cambridge in 2012. Somehow they had failed to update my residence 
>> address and I had to get documents certified and rubber-stamped at 
>> Cambridge police station, and sent by snail mail to the bank's KYC desk, 
>> before we got our money back. How does block chain solve that? (Not a 
>> rhetorical question; I would really like to understand.)
>>
>>     Brian
>>
>>>
>>> hope to get some experiences and I would share here for sure.
>>>
>>> Regards
>>>
>>> On 9 April 2018 at 02:44, Brian E Carpenter <brian.e.carpenter@gmail.com>
>>> wrote:
>>>
>>>> On 09/04/2018 10:28, Arjuna Sathiaseelan wrote:
>>>>>>
>>>>>> 2/ I thought many people in the security community were moving away from
>>>>>> proving identity, towards systems that prove entitlement (i.e. credentials
>>>>>> are on a need-to-know basis, so if you were say 19, you don't need to say
>>>>>> your age or show id,
>>>>>> but you can't buy a drink in cambridge MA, but you can in cambridge, UK :)
>>>>>>
>>>>>
>>>>> digital id plays a major role for all the KYC/AML - massive market.. + for
>>>>> employment etc..
>>>>
>>>> Right, but *international* digital ID is a hopeless mess. Just try dealing
>>>> with a USA bank's KYC department when living in New Zealand with a UK
>>>> passport. Nothing works.
>>>>
>>>> That isn't a marginal case. Tens or hundreds of millions of people
>>>> would need cross-border digital ID these days. Sales argument: would
>>>> help to defeat money laundering.
>>>>
>>>>    Brian
>>>>
>>>>> like the idea of proving entitlement - works nicely with crypto
>>>>> charities/aid delivery..
>>>>>
>>>>> Regards
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> bootstrapping something from a BC to provide the credentials is also
>>>>>> problematic, in that
>>>>>> BC needs a PKI to know whether nodes are not sybils, spoofs, etc, so we
>>>>>> have a circular dependence, no?
>>>>>>
>>>>>> maybe i missed an important step, if so, sorry!
>>>>>>
>>>>>>
>>>>>>> Folks,
>>>>>>>
>>>>>>> I thought to share this WSJ article with the DIN group. Relevant in the
>>>>>>> light of recent interest in using BC for identity.
>>>>>>>
>>>>>>> Advance apologies if it offends some people :-)
>>>>>>>
>>>>>>> https://blogs.wsj.com/cio/2018/04/03/digital-identity-is-broken-heres-a-way-to-fix-it/
>>>>>>>
>>>>>>>
>>>>>>> Below is a link to a PDF version.
>>>>>>>
>>>>>>> http://hardjono.mit.edu/sites/default/files/documents/WSJ_Digital_Identity_is_Broken.pdf
>>>>>>>
>>>>>>>
>>>>>>> Best
>>>>>>>
>>>>>>> -- thomas --