Re: The problem we could solve (re github etc.)
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 10 June 2021 13:24 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 864993A4145 for <ietf@ietfa.amsl.com>; Thu, 10 Jun 2021 06:24:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZWOtt9SBdT-3 for <ietf@ietfa.amsl.com>; Thu, 10 Jun 2021 06:24:54 -0700 (PDT)
Received: from mail-yb1-f175.google.com (mail-yb1-f175.google.com [209.85.219.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE8D23A4149 for <ietf@ietf.org>; Thu, 10 Jun 2021 06:24:53 -0700 (PDT)
Received: by mail-yb1-f175.google.com with SMTP id i6so26124114ybm.1 for <ietf@ietf.org>; Thu, 10 Jun 2021 06:24:53 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GXmb2E6VU1j/eQP4RSCPNMAI58WxUIfQ3So97CfHhgU=; b=gmSnMa7KRI6zs4/ROdArICl2gkFLWu0Ku0UE3yDSWr6cq7HFQ2Xjq3Lh36nSiUzwe+ MaPfLAHr8zMgVdM7DfA4qSc5WKY5ckzVZCZR8aQDV1F+5HuKTdrqldPnmtPae1j9qnnv P1G6R9g9QyWfEvjlHVTWt4v2Piy6aDhc13quXJZoq/oQCcjTI1kBrG7cV7oGje1Qyx18 z1/bmWpnXJp0XBJlmK+l9VUG18LpGfbLPiXFE1/pfLxqO9Ek2JTGYEJX1wACKU1z6BhS QfSu0Y60NhOHxk/5mrxYpojztjBXcekbrH9n3ASib2D8eKwPWc+LqNP4aiqK7v8eIeM8 cBfA==
X-Gm-Message-State: AOAM530lVunbAkLIFcAT4CkOsHYgOnjrbkTXRFRyCWgN2vDkARKDmASt 9wJhOgDkezp5k5LNYWBUEOh1lapq1Siqp7tAqoANnE08oCw=
X-Google-Smtp-Source: ABdhPJw+olgMPb7Tm6Yc1N+Fo1anEUZVMmJ+JUZ4aAEuDimo4LSP5ZmJ//N1mehpzRNJbGVHb+f6u5AhRmXgmMqD5sk=
X-Received: by 2002:a25:a08d:: with SMTP id y13mr7551532ybh.522.1623331492823; Thu, 10 Jun 2021 06:24:52 -0700 (PDT)
MIME-Version: 1.0
References: <DM4PR11MB5438CC6D84B301C907DAA6D1B5369@DM4PR11MB5438.namprd11.prod.outlook.com> <20210609163823.72897E1865D@ary.qy> <CAMm+Lwhs0C80K2B4MoKi1ijghE2o6tmF7E8QreCK62P1bc9Q5Q@mail.gmail.com> <a567a4a6-8aa0-1bf1-bf3b-18c71213fa@iecc.com> <494082D95C1883FD462E6307@PSB> <CAMm+Lwh3wJ9pHRB7cDK2kPXUm5ucYv+RhU-ayXqXSXoXBPL9ag@mail.gmail.com> <a18cb073-0038-91be-6f79-1121bd3b89f3@tana.it>
In-Reply-To: <a18cb073-0038-91be-6f79-1121bd3b89f3@tana.it>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 10 Jun 2021 09:24:40 -0400
Message-ID: <CAMm+LwgeBaShoPjVWswsFHZtiJcxybd9u9n_DZpDYQqDAWBjxQ@mail.gmail.com>
Subject: Re: The problem we could solve (re github etc.)
To: Alessandro Vesely <vesely@tana.it>
Cc: IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fb9bc105c46950b3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/w2qIt9rOWM0oF4LgcKw8Eim51dw>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jun 2021 13:24:59 -0000
On Thu, Jun 10, 2021 at 7:25 AM Alessandro Vesely <vesely@tana.it> wrote: > On Wed 09/Jun/2021 23:48:30 +0200 Phillip Hallam-Baker wrote: > > On Wed, Jun 9, 2021 at 5:22 PM John C Klensin <john-ietf@jck.com> wrote: > > > >> And I have a question: What does this rather long thread actually have > to > >> do with the IETF other than demonstrating that it would be dumb for our > >> discussions to depend on a providers who intended to support those > >> discussions by selling subscriptions and/or tracking user behavior > and/or > >> comments? > > > The reason I tried to bring it back to stuff that is in IETF scope was > > because I see all of these issues as being aspects of the same broken > > approach to Internet accounts. > > There's a field in my Datatracker account linking to my GitHub account. > GitHub > has a field for linking Twitter accounts but not IETF ones. In practice, > I > sent the account name to the WG chair via an unsigned email message. Is > that > vulnerable to social engineering attacks? > What we need is a mechanism that allows us to link everything to a permanent identifier that belongs to the user and is thus immutable. One option is a public key fingerprint. But that has user acceptance issues and PGP fingerprints have developed as an identifier that is subordinate to an email address which is the opposite of what we want. We have to have names that look like 'alice', not a string of base32 characters. One could find names at less that 1$, but then shouldn't expect to deliver > much > of the mail sent from such domains. The price we pay is for globalness > and > some kind of moderation. > I spent 25 years working out how to validate keys that a user has attached to a name and it is near impossible without a national identity card level of effort and even then the result is limited. It gets us strong binding to the name holder which is rarely what we want for Internet stuff. Then I flipped the problem round, what if instead of validating a key, we have a person use that key to claim a name to serve as an alias for that key on a first come first served basis. That is entirely tractable and doesn't require trusted third party, a Merkle Tree over an append only log is sufficient. If every message was signed and mail messaging subject to access control, Alice is going to receive every message from Bob if shed decides to authorize him to send her mail. SMTP is not going to be replaced overnight but I think that there might be a market for an email messaging service for important messages that is open, end-to-end encrypted and does not allow unauthorized parties to spam. PHB
- Why we really can't use Facebook for technical di… Dean Willis
- Re: Why we really can't use Facebook for technica… Fred Baker
- Re: Why we really can't use Facebook for technica… Töma Gavrichenkov
- Re: Why we really can't use Facebook for technica… Dean Willis
- Re: Why we really can't use Facebook for technica… Jared Mauch
- Re: Why we really can't use Facebook for technica… Phillip Hallam-Baker
- Re: Why we really can't use Facebook for technica… Dean Willis
- Re: Why we really can't use Facebook for technica… Phillip Hallam-Baker
- RE: Why we really can't use Facebook for technica… Larry Masinter
- Re: Why we really can't use Facebook for technica… Emil Ivov
- Re: Why we really can't use Facebook for technica… Christian Hopps
- Re: Why we really can't use Facebook for technica… Salz, Rich
- Re: Why we really can't use Facebook for technica… Dean Willis
- Re: Why we really can't use Facebook for technica… Salz, Rich
- Re: Why we really can't use Facebook for technica… Olivier MJ Crépin-Leblond
- Re: Why we really can't use Facebook for technica… Phillip Hallam-Baker
- RE: Why we really can't use Facebook for technica… Larry Masinter
- Re: Why we really can't use Facebook for technica… Fred Baker
- RE: Why we really can't use Facebook for technica… Larry Masinter
- Re: Why we really can't use Facebook for technica… Lloyd W
- Re: Why we really can't use Facebook for technica… Spencer Dawkins at IETF
- Re: Why we really can't use Facebook for technica… Phillip Hallam-Baker
- Re: Why we really can't use Facebook for technica… lloydwood@users.sourceforge.net
- Re: Why we really can't use Facebook for technica… Bron Gondwana
- Re: Why we really can't use Facebook for technica… Keith Moore
- Re: Why we really can't use Facebook for technica… Phillip Hallam-Baker
- Re: Why we really can't use Facebook for technica… Keith Moore
- Re: Why we really can't use Facebook for technica… Andy Ringsmuth
- Re: Why we really can't use Facebook for technica… Lloyd W
- Re: Why we really can't use Facebook for technica… Keith Moore
- Re: Why we really can't use Facebook for technica… Phillip Hallam-Baker
- Re: Why we really can't use Facebook for technica… Keith Moore
- Re: Why we really can't use Facebook for technica… Randy Presuhn
- Re: Why we really can't use Facebook for technica… Dean Willis
- Re: Why we really can't use Facebook for technica… Andy Ringsmuth
- Re: Why we really can't use Facebook for technica… Keith Moore
- Re: Moderation at scale is hard^Wimpossible, or W… John Levine
- Re: Moderation at scale is hard^Wimpossible, or W… Emil Ivov
- Re: Why we really can't use Facebook for technica… Richard Shockey
- Re: Why we really can't use Facebook for technica… Aqua Q Glass
- Re: Why we really can't use Facebook for technica… Aqua Q Glass
- Re: Why we really can't use Facebook for technica… Lloyd W
- Re: Why we really can't use Facebook for technica… Lloyd W
- RE: Why we really can't use Facebook for technica… Rob Wilton (rwilton)
- Re: Why we really can't use Facebook for technica… Lloyd W
- RE: Why we really can't use Facebook for technica… Rob Wilton (rwilton)
- Re: Why we really can't use Facebook for technica… Phillip Hallam-Baker
- Re: github terms of service, not Why we really ca… John Levine
- The problem we could solve (re github etc.) Phillip Hallam-Baker
- Re: The problem we could solve (re github etc.) John R. Levine
- Re: The problem we could solve (re github etc.) John C Klensin
- Re: The problem we could solve (re github etc.) Michael Richardson
- Re: The problem we could solve (re github etc.) Michael Richardson
- Re: The problem we could solve (re github etc.) Phillip Hallam-Baker
- Re: The problem we could solve (re github etc.) Alessandro Vesely
- Re: The problem we could solve (re github etc.) Phillip Hallam-Baker