Re: [saag] Liking Linkability
Ben Laurie <benl@google.com> Fri, 19 October 2012 13:52 UTC
From: Ben Laurie <benl@google.com>
To: Henry Story <henry.story@bblfish.net>
Cc: "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>
Subject: Re: [saag] Liking Linkability

On 19 October 2012 14:46, Henry Story <henry.story@bblfish.net> wrote:
>
> On 19 Oct 2012, at 15:31, Ben Laurie <benl@google.com> wrote:
>
>> On 19 October 2012 13:01, Henry Story <henry.story@bblfish.net> wrote:
>>>
>>> On 18 Oct 2012, at 21:29, Ben Laurie <ben@links.org> wrote:
>>>
>>>> On Thu, Oct 18, 2012 at 8:20 PM, Henry Story <henry.story@bblfish.net> wrote:
>>>>>
>>>>> On 18 Oct 2012, at 21:04, Mouse <mouse@Rodents-Montreal.ORG> wrote:
>>>>>
>>>>>>> [...]
>>>>>>> Unfortunately, I think that's too high of a price to pay for
>>>>>>> unlinkability.
>>>>>>> So I've come to the conclusion that anonymity will depend on
>>>>>>> protocols like TOR specifically designed for it.
>>>>>>
>>>>>> Is it my imagination, or is this stuff confusing anonymity with
>>>>>> pseudonymity? I feel reasonably sure I've missed some of the thread,
>>>>>> but what I have seen does seem to be confusing the two.
>>>>>>
>>>>>> This whole thing about linking, for example, seems to be based on
>>>>>> linking identities of some sort, implying that the systems in question
>>>>>> *have* identities, in which case they are (at best) pseudonymous, not
>>>>>> anonymous.
>>>>>
>>>>> With WebID ( http://webid.info/ ) you have a pseudonymous global identifier,
>>>>> that is tied to a document on the Web that need only reveal your public key.
>>>>> That WebID can then link to further information that is access controlled,
>>>>> so that only your friends would be able to see it.
>>>>>
>>>>> The first diagram in the spec shows this well
>>>>>
>>>>> http://webid.info/spec/#publishing-the-webid-profile-document
>>>>>
>>>>> If you put WebID behind TOR and only have .onion WebIDs - something that
>>>>> should be possible to do - then nobody would know WHERE the box hosting your
>>>>> profile is, so they would not be able to just find your home location
>>>>> from your ip-address. But you would still be able to link up in an access
>>>>> controlled manner to your friends ( who may or may not be serving their pages
>>>>> behind Tor ).
>>>>>
>>>>> You would then be unlinkable in the sense of
>>>>> http://tools.ietf.org/html/draft-iab-privacy-considerations-03
>>>>>
>>>>> [[
>>>>> Within a particular set of information, the
>>>>> inability of an observer or attacker to distinguish whether two
>>>>> items of interest are related or not (with a high enough degree of
>>>>> probability to be useful to the observer or attacker).
>>>>> ]]
>>>>>
>>>>> from any person that was not able to access the resources. But you would
>>>>> be linkable by your friends. I think you want both. Linkability by those
>>>>> authorized, unlinkability for those unauthorized. Hence linkability is not
>>>>> just a negative.
>>>>
>>>> I really feel like I am beating a dead horse at this point, but
>>>> perhaps you'll eventually admit it. Your public key links you.
>>>
>>> The question is to whom? What is the scenario you are imagining, and who is
>>> the attacker there?
>>>
>>>> Access
>>>> control on the rest of the information is irrelevant. Indeed, access
>>>> control on the public key is irrelevant, since you must reveal it when
>>>> you use the client cert.
>>>
>>> You are imagining that the server I am connecting to, and that I have
>>> decided to identify myself to, is the one that is attacking me? Right?
>>> Because otherwise I cannot understand your issue.
>>>
>>> But then I still do not understand your issue, since I deliberately
>>> did connect to that site in an identifiable manner with a global id.
>>> I could have created a locally valid ID only, had I wanted to not
>>> connect with a globally valid one.
>>>
>>> So your issue boils down to this: if I connect to a web site deliberately
>>> with a global identifier, then I am globally identified by that web site.
>>> Which is what I wanted.
>>>
>>> So perhaps it is up to you to answer: why should I not want that?
>>
>> I am not saying you should not want that, I am saying that ACLs on the
>> resources do not achieve unlinkability.
>
> Can you expand on what the dangers are?
>
>>
>>>> Incidentally, to observers as well as the
>>>> server you connect to.
>>>
>>> Not when you re-negotiate I think.
>>
>> That's true, but is not specified in WebID, right? Also, because of
>> the renegotiation attack, this is currently insecure in many cases.
>
> WebID on TLS does rely on TLS. Security is not a goal one can reach,
> it is a way of travelling. So I do expect every security protocol to
> have issues. These ones are being fixed, and if more people build on
> them, the priority of the need to fix them will grow faster.
>
>>
>>> And certainly not if you use Tor, right?
>>
>> Tor has no impact on the visibility of the communication at the server end.
>
> You really need to expand on what the danger is. Because again
> I think you are thinking of the site I am connecting to as the attacker.
> But I may be wrong.

I'm getting quite tired of this: the point is, you cannot achieve
unlinkability with WebID except by using different WebIDs. You made
the claim that ACLs on resources achieve unlinkability. This is
incorrect.

So yes, the scenario is there are two sites that I connect to using
WebID and I want each of them to not be able to link my connections to
the other. To do this, I need two WebIDs, one for each site. ACLs do
not assist.

>
>>
>>>
>>>
>>> Social Web Architect
>>> http://bblfish.net/
>>>
>>>
>>> _______________________________________________
>>> saag mailing list
>>> saag@ietf.org
>>> https://www.ietf.org/mailman/listinfo/saag
>>>
>
> Social Web Architect
> http://bblfish.net/
>
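
The two-site scenario argued in the message above, as an added sketch that is not part of the original message or of any WebID implementation: each site logs the key fingerprint that the client certificate reveals, and comparing logs correlates the user even when the rest of the profile is ACL-protected. The `Site` class, the profile layout, the URIs and the key bytes are all constructed for illustration.

```python
import hashlib

def fingerprint(public_key: bytes) -> str:
    # Any server shown the client certificate can compute this.
    return hashlib.sha256(public_key).hexdigest()

class Site:
    """Hypothetical relying party that logs what the handshake reveals."""
    def __init__(self, name):
        self.name = name
        self.seen = {}  # key fingerprint -> WebID URI from the certificate

    def authenticate(self, webid, public_key, profile):
        # The key must be listed in the profile's public part. The
        # ACL-protected part is never consulted, so ACLs cannot hide the key.
        if public_key not in profile["public_keys"]:
            return False
        self.seen[fingerprint(public_key)] = webid
        return True

def link(site_a, site_b):
    """Sessions two sites can correlate by comparing logged fingerprints."""
    shared = set(site_a.seen) & set(site_b.seen)
    return sorted((site_a.seen[f], site_b.seen[f]) for f in shared)

def make_profile(key, readers):
    # Constructed profile: the key is world-readable, the rest is ACL'd.
    return {"public_keys": [key],
            "acl": {"readers": readers,
                    "friends": ["https://friend.example/#me"]}}

def one_webid_for_both_sites():
    key = b"constructed-public-key-1"
    webid = "https://alice.example/profile#me"
    profile = make_profile(key, readers=[])  # neither site may read the rest
    a, b = Site("A"), Site("B")
    a.authenticate(webid, key, profile)
    b.authenticate(webid, key, profile)
    return link(a, b)

def one_webid_per_site():
    a, b = Site("A"), Site("B")
    for site, n in ((a, 1), (b, 2)):
        key = b"constructed-public-key-%d" % n
        webid = "https://pseudonym%d.example/#me" % n
        site.authenticate(webid, key, make_profile(key, readers=[]))
    return link(a, b)

if __name__ == "__main__":
    print(one_webid_for_both_sites())  # one correlated pair
    print(one_webid_per_site())        # []
```
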