Re: [saag] Liking Linkability

Ben Laurie <benl@google.com> Tue, 23 October 2012 12:04 UTC

Date: Tue, 23 Oct 2012 13:03:58 +0100
Message-ID: <CABrd9SSDhDyF2bEiZPyrqu6uqh-DRknh5OMn6TgeZpV+RmHmnQ@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Andrei Sambra <andrei@fcns.eu>
Cc: Halpin Harry <H.halplin@ed.ac.uk>, nathan@webr3.org, public-identity@w3.org, saag@ietf.org, "public-privacy@w3.org list" <public-privacy@w3.org>, public-webid@w3.org

On 23 October 2012 12:46, Andrei Sambra <andrei@fcns.eu> wrote:
> On 10/23/2012 12:50 PM, Ben Laurie wrote:
>>
>> On 23 October 2012 10:56, Nathan <nathan@webr3.org> wrote:
>>>
>>> Ben Laurie wrote:
>>>>
>>>>
>>>> b) Linkability is not, as you say, inherently bad. The problem occurs
>>>> when you have (effectively) no choice about linkability.
>>>
>>>
>>>
>>> .. and when people convey or infer that there is no choice about
>>> linkability, when there really is scope to be as unlinkable as one likes
>>> within WebID.
>>
>>
>> I have never disputed that - my point is that if I am as unlinkable as
>> I like I then have a fairly horrific problem managing a large number
>> of certificates and remembering which one I used where.
>>
>
> Wouldn't you say you have the same problem now with most, if not all
> authentication protocols?

Yes.

> I still think it's easier to manage 100s of
> certificates compared to managing 100s of user/pass combinations.
>
> If it is a UI issue, then it can be made more intuitive. From what you say
> above, the WebID protocol itself is not the problem.

Well. There are certainly protocols that reduce this particular
problem, in particular those that use selective disclosure or zero
knowledge to solve the linkability issue without requiring a plethora
of keys.

>
> Andrei
>
> P.S. I've been trying to follow this conversation and so far it's been a
> pain in the @$$. W3C should have a way to separate threads based on
> relevance to one's interests, otherwise it becomes very hard to be
> productive when you have to read through so many emails daily.