Re: [Endymail] [Cryptography] Secure universal message addressing
aestetix <aestetix@aestetix.com> Wed, 06 April 2016 05:26 UTC
Date: Wed, 06 Apr 2016 07:26:02 +0200
From: aestetix <aestetix@aestetix.com>
To: Natanael <natanael.l@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/endymail/sFmZUSdYjYfGMz7fBuhI77vSpfA>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>, Crypto List <cryptography@randombit.net>, John Gilmore <gnu@toad.com>, endymail <endymail@ietf.org>, messaging <messaging@moderncrypto.org>, Cryptographers List <crypto-practicum@lists.sonic.net>

On Tue, Apr 05, 2016 at 11:09:20AM +0200, Natanael wrote:
>- Sent from my phone
>On 5 Apr 2016 09:17, "John Gilmore" <gnu@toad.com> wrote:
>>
>> > The key idea here is that you get to have *one* identifier for yourself
>> > under your control, that you can use everywhere, securely.
>>
>> The key idea here is a bad idea.
>>
>> I don't want everyone I interact with to have the same identifier for
>> me. That's the problem with Social Security Numbers. With a single
>> identifier, all the interactions with me can be cross-correlated to
>> track me everywhere I go. Typically this is done NOT for my
>> benefit, but to give some third party an advantage over me.
>
>No problem. This is a per-nickname identifier. Use temporary disposable /
>throwaway accounts or context specific accounts if you wish. Then you won't
>have everything linked to the same account.

The problem with "nick-name" is it assumes all the names are tied to a "real" name.

Another problem with having a single root or key identifier: who decides what it is? Being able to pick your name has a lot of power to it, and handing that agency over to a third party also hands that power to them. This is one of the reasons that prisoners are often assigned a number they are required to use instead of their names.

If I am going to interact with multiple services, I want control over how I do that interaction. Forcing me to use names that branch off a single origin point defeats the entire purpose.

>
>> > OpenID essentially died. So did Mozilla's Personas. A bunch of RDF based
>> > protocols too. And many many more.
>>
>> And, from my point of view, this is why they died. I had zero
>> interest in helping third parties keep track of me everywhere, using
>> the same identifier on widely varying sites. It's already hard enough
>> work to keep Google out of my underwear when I don't even have an
>> account with them. If I had the same account everywhere? Let's not
>> go there. "Login with your Facebook account?" No thanks!!!
>
>The type of tech Mozilla Personas (or U2F) was using to anonymize the original
>account you connected with can be reused, although that would break the
>universal addressing aspect.
>
>Or how about this - you can link multiple profiles / personas / nicknames to
>your account, including creating throwaways, and get to choose which one to link
>third party services to when you register with them.
>
>_______________________________________________
>The cryptography mailing list
>cryptography@metzdowd.com
>http://www.metzdowd.com/mailman/listinfo/cryptography