IETF Logo Mail Archive

[pkng] More thoughts: Privacy

Massimiliano Pala <Massimiliano.Pala@Dartmouth.edu> Tue, 17 November 2009 21:00 UTC

Return-Path: <Massimiliano.Pala@Dartmouth.edu>
X-Original-To: pkng@core3.amsl.com
Delivered-To: pkng@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5D1CA3A6AC2 for <pkng@core3.amsl.com>; Tue, 17 Nov 2009 13:00:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.48
X-Spam-Level:
X-Spam-Status: No, score=-5.48 tagged_above=-999 required=5 tests=[AWL=0.500, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, RCVD_IN_SORBS_WEB=0.619]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L4XsoGod3sIf for <pkng@core3.amsl.com>; Tue, 17 Nov 2009 13:00:17 -0800 (PST)
Received: from mail.cs.dartmouth.edu (mail.cs.dartmouth.edu [129.170.212.100]) by core3.amsl.com (Postfix) with ESMTP id 281D13A690E for <pkng@irtf.org>; Tue, 17 Nov 2009 13:00:17 -0800 (PST)
Received: from [192.168.100.56] (c-68-45-62-30.hsd1.nj.comcast.net [68.45.62.30]) (authenticated bits=0) by mail.cs.dartmouth.edu (8.14.3/8.14.3) with ESMTP id nAHL0CoI012647 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NOT) for <pkng@irtf.org>; Tue, 17 Nov 2009 16:00:12 -0500
X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 mail.cs.dartmouth.edu nAHL0CoI012647
Message-ID: <4B030FF1.8030200@Dartmouth.edu>
Date: Tue, 17 Nov 2009 16:04:49 -0500
From: Massimiliano Pala <Massimiliano.Pala@Dartmouth.edu>
Organization: Dartmouth College / OpenCA Labs
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.4pre) Gecko/20090922 Fedora/3.0-3.9.b4.fc12 Thunderbird/3.0b4
MIME-Version: 1.0
To: pkng@irtf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms010303040705060500000702"
Subject: [pkng] More thoughts: Privacy
X-BeenThere: pkng@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: openca@acm.org
List-Id: "Public Key Next Generation \(PKNG\) Research Group" <pkng.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/pkng>, <mailto:pkng-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/pkng>
List-Post: <mailto:pkng@irtf.org>
List-Help: <mailto:pkng-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pkng>, <mailto:pkng-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2009 21:00:18 -0000

Hi PK-NGers,

I would like to add one aspect that I think could be an important addition
to current PKIs. Indeed, what we have today is a complete disclosure of one's
identity. PKI protocols have been designed without taking into any account
privacy concerns.

As many of the ideas I read on the list are related to easily extend trust
by somehow linking together different infrastructures, I think that we shall
keep in mind that privacy is very important when linking together different
organizations/authorities.

I tried to make the point on the PKIX list (I guess most of the people here
are also subscribed to that list) about the OCSP - currently the answer in
traditional PKI is using SSL/TLS for communication between peers - but that
would not solve the problem on the OCSP server, its logs and how policies
should take care of how to handle that data. If the data on the server's log
is sufficiently anonymized, then it is easier to federate identities and
outsource services or relying on 3rd party servers.

What do you think ?


-- 

Best Regards,

	Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]                   openca@acm.org
                                                  project.manager@openca.org

Dartmouth Computer Science Dept               Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory                          Work Phone: +1 (603) 646-8734
--o------------------------------------------------------------------------
People who think they know everything are a great annoyance to those of us
who do.
							   -- Isaac Asimov

v2.23.0 | Report a Bug | By Email