Re: [saag] Liking Linkability
Henry Story <henry.story@bblfish.net> Fri, 19 October 2012 12:01 UTC
To: Ben Laurie <ben@links.org>
Cc: "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>, "saag@ietf.org" <saag@ietf.org>

On 18 Oct 2012, at 21:29, Ben Laurie <ben@links.org> wrote:

> On Thu, Oct 18, 2012 at 8:20 PM, Henry Story <henry.story@bblfish.net> wrote:
>>
>> On 18 Oct 2012, at 21:04, Mouse <mouse@Rodents-Montreal.ORG> wrote:
>>
>>>> [...]
>>>> Unfortunately, I think that's too high of a price to pay for
>>>> unlinkability.
>>>> So I've come to the conclusion that anonymity will depend on
>>>> protocols like TOR specifically designed for it.
>>>
>>> Is it my imagination, or is this stuff confusing anonymity with
>>> pseudonymity?  I feel reasonably sure I've missed some of the thread,
>>> but what I have seen does seem to be confusing the two.
>>>
>>> This whole thing about linking, for example, seems to be based on
>>> linking identities of some sort, implying that the systems in question
>>> *have* identities, in which case they are (at best) pseudonymous, not
>>> anonymous.
>>
>> With WebID ( http://webid.info/ ) you have a pseudonymous global identifier,
>> that is tied to a document on the Web that need only reveal your public key.
>> That WebID can then link to further information that is access controlled,
>> so that only your friends would be able to see it.
>>
>> The first diagram in the spec shows this well
>>
>> http://webid.info/spec/#publishing-the-webid-profile-document
>>
>> If you put WebID behind TOR and only have .onion WebIDs - something that
>> should be possible to do - then nobody would know WHERE the box hosting your
>> profile is, so they would not be able to just find your home location
>> from your ip-address. But you would still be able to link up in an access
>> controlled manner to your friends ( who may or may not be serving their pages
>> behind Tor ).
>>
>> You would then be unlinkable in the sense of
>> http://tools.ietf.org/html/draft-iab-privacy-considerations-03
>>
>> [[
>>    Within a particular set of information, the
>>    inability of an observer or attacker to distinguish whether two
>>    items of interest are related or not (with a high enough degree of
>>    probability to be useful to the observer or attacker).
>> ]]
>>
>> from any person that was not able to access the resources. But you would
>> be linkable by your friends. I think you want both. Linkability by those
>> authorized, unlinkability for those unauthorized. Hence linkability is not
>> just a negative.
>
> I really feel like I am beating a dead horse at this point, but
> perhaps you'll eventually admit it. Your public key links you.

The question is to whom? What is the scenario you are imagining, and who is
the attacker there?

> Access
> control on the rest of the information is irrelevant. Indeed, access
> control on the public key is irrelevant, since you must reveal it when
> you use the client cert.

You are imagining that the server I am connecting to, and that I have decided
to identify myself to, is the one that is attacking me? Right? Because
otherwise I cannot understand your issue.

But then I still do not understand your issue, since I deliberately did
connect to that site in an identifiable manner with a global id. I could have
created a locally valid ID only, had I wanted to not connect with a globally
valid one.

So your issue boils down to this: if I connect to a web site deliberately with
a global identifier, then I am globally identified by that web site. Which is
what I wanted.

So perhaps it is up to you to answer: why should I not want that?

> Incidentally, to observers as well as the
> server you connect to.

Not when you re-negotiate, I think. And certainly not if you use Tor, right?

Social Web Architect
http://bblfish.net/
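
The disagreement above turns on what sites can conclude from the client certificate's public key alone. As an added example (not part of the original message or of the WebID specification), the sketch below joins the logs of several relying sites on the key fingerprint, once for a single global key and once for a key per site. The site names and key bytes are constructed, and the HMAC derivation is only a stand-in for generating independent per-site key pairs.

```python
import hashlib
import hmac
from collections import defaultdict

def spki_fingerprint(spki: bytes) -> str:
    """SHA-256 over the public-key bytes a server sees in the client cert."""
    return hashlib.sha256(spki).hexdigest()

def per_site_key(user_secret: bytes, origin: str) -> bytes:
    """Assumption: placeholder for a separately generated key pair per site.
    Derived bytes are used so the example runs without a crypto library."""
    return hmac.new(user_secret, origin.encode(), hashlib.sha256).digest()

def cross_site_links(logs):
    """logs: iterable of (site, session_label, spki_bytes).
    Returns {fingerprint: [sites]} for every key seen at more than one site.
    Only the key is consulted; no profile document or ACL is involved."""
    sites_by_key = defaultdict(set)
    for site, _session, spki in logs:
        sites_by_key[spki_fingerprint(spki)].add(site)
    return {fp: sorted(s) for fp, s in sites_by_key.items() if len(s) > 1}

# Constructed sample data: hypothetical sites and stand-in key material.
SITES = ["https://forum.example", "https://shop.example", "https://clinic.example"]
ALICE_GLOBAL = b"constructed SPKI bytes: alice global WebID key"
BOB_GLOBAL = b"constructed SPKI bytes: bob global WebID key"
ALICE_SECRET = b"constructed per-user secret: alice"

def global_id_logs():
    """Alice presents one global key everywhere; Bob visits a single site."""
    logs = [(s, f"alice-{i}", ALICE_GLOBAL) for i, s in enumerate(SITES)]
    logs.append((SITES[0], "bob-0", BOB_GLOBAL))
    return logs

def local_id_logs():
    """Alice presents a different, locally valid key to each site."""
    return [(s, f"alice-{i}", per_site_key(ALICE_SECRET, s))
            for i, s in enumerate(SITES)]

if __name__ == "__main__":
    for name, logs in (("global key", global_id_logs()),
                       ("per-site keys", local_id_logs())):
        links = cross_site_links(logs)
        print(f"{name}: {len(links)} key(s) seen at more than one site")
        for fp, sites in links.items():
            print("  ", fp[:16], sites)
```

With the global key, sites that pool their logs can relate Alice's sessions without reading her profile; with per-site keys the join comes back empty, which is the unlinkability property in the IAB definition quoted in the message.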