Re: [saag] Liking Linkability

Nathan <nathan@webr3.org> Sun, 21 October 2012 10:22 UTC

Return-Path: <nathan@webr3.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80C8F21F88D8 for <saag@ietfa.amsl.com>; Sun, 21 Oct 2012 03:22:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.299
X-Spam-Level:
X-Spam-Status: No, score=-3.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_73=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HWPcJ051LvOI for <saag@ietfa.amsl.com>; Sun, 21 Oct 2012 03:22:30 -0700 (PDT)
Received: from mail-we0-f172.google.com (mail-we0-f172.google.com [74.125.82.172]) by ietfa.amsl.com (Postfix) with ESMTP id 4F30E21F8918 for <saag@ietf.org>; Sun, 21 Oct 2012 03:22:29 -0700 (PDT)
Received: by mail-we0-f172.google.com with SMTP id u46so1106848wey.31 for <saag@ietf.org>; Sun, 21 Oct 2012 03:22:29 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=message-id:date:from:reply-to:organization:user-agent:mime-version :to:cc:subject:references:in-reply-to:content-type :content-transfer-encoding:x-gm-message-state; bh=dKOoxCyhO6/7CX0wiqoyTX9/cfEHgj4+bzfElDZLMh8=; b=CYl8SNQ5VgbOzhqC18zW9EBCIC2Q62lVT7N4/5uxRSaJHy7cVoo6CEzHyNCpvJyM1a /E9M5C0N/wTET/DhKOZoQSZDx6LS6cSvnIbvfi6MGaZWISzXgyKFRZwvHUmd8DQWksyk JJ8kaDDTLhPuu2w+jiJ2/ZMk5ynmq573BBdby5/OiP9B/AVQF/Tz2iq19aJX+vIDW7cH SbX5tVZYkWeRn/CvaJaWkHsihZO3pTU9P/e6nqY6Qeq4YON2wpagGPhZ5BkiXP8j/4ga DwKZGuZOpkR+DItjzaF7uKxPU0iNssyPEF1lDDzIrOpnygw4X9h196CFu1+SAbigHtOh 05LA==
Received: by 10.216.141.16 with SMTP id f16mr3975320wej.130.1350814949023; Sun, 21 Oct 2012 03:22:29 -0700 (PDT)
Received: from [192.168.1.69] (host86-141-252-78.range86-141.btcentralplus.com. [86.141.252.78]) by mx.google.com with ESMTPS id fp6sm24938807wib.0.2012.10.21.03.22.27 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 21 Oct 2012 03:22:28 -0700 (PDT)
Message-ID: <5083CCCF.2060407@webr3.org>
Date: Sun, 21 Oct 2012 11:22:07 +0100
From: Nathan <nathan@webr3.org>
Organization: webr3
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0
To: Ben Laurie <benl@google.com>
References: <CCA5E789.2083A%Josh.Howlett@ja.net> <tslzk3jsjv8.fsf@mit.edu> <201210181904.PAA07773@Sparkle.Rodents-Montreal.ORG> <FB9E461D-CA62-4806-9599-054DF24C3FD9@bblfish.net> <CAG5KPzxGz+4MywjP4knfbDr2gyvqUZc1HEBXgtaDfYT+DPg5yg@mail.gmail.com> <8AB0C205-87AE-4F76-AA67-BC328E34AF5E@bblfish.net> <CABrd9SQghpi6_rVQKxYXZDtM5HwvE7Kq7SUw5zi41ZRd3y2h9A@mail.gmail.com> <4324B524-7140-49C0-8165-34830DD0F13B@bblfish.net> <CABrd9SQU1uYVaVPedokHxeYkT=759rkPFfimWK1Z8ATzo3yNFA@mail.gmail.com>
In-Reply-To: <CABrd9SQU1uYVaVPedokHxeYkT=759rkPFfimWK1Z8ATzo3yNFA@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Gm-Message-State: ALoCoQmiQ4PMCyao07RcR2bUhcvUugpzXjpVbvNJUUUB7E0TU1pZqbAhAcJDZI1hvOZKNhe7p5BB
X-Mailman-Approved-At: Mon, 22 Oct 2012 08:25:23 -0700
Cc: "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>
Subject: Re: [saag] Liking Linkability
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: nathan@webr3.org
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Oct 2012 10:22:32 -0000

Ben Laurie wrote:
> I'm getting quite tired of this: the point is, you cannot achieve
> unlinkability with WebID except by using a different WebIDs. You made
> the claim that ACLs on resources achieve unlinkability. This is
> incorrect.

You're 100% correct here Ben, and I'm unsure why it's so hard to convey!?

If you use the same identifier for more than one request, subsequent 
requests can be associated with the first request. An identifier here is 
any identifying, stable, information - key parts and URIs.

If the issue is only unlinkability across sites, then you just have a 
keypair+uri per site. Or better, key-pair only, and that's associated 
with an identifier for the agent behind the interface.

You're correct that ACLs won't cut it.