Re: [saag] Liking Linkability

Ben Laurie <ben@links.org> Thu, 18 October 2012 19:29 UTC

Return-Path: <benlaurie@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5BCB21F84DD for <saag@ietfa.amsl.com>; Thu, 18 Oct 2012 12:29:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PKg9C2U1i762 for <saag@ietfa.amsl.com>; Thu, 18 Oct 2012 12:29:39 -0700 (PDT)
Received: from mail-vc0-f172.google.com (mail-vc0-f172.google.com [209.85.220.172]) by ietfa.amsl.com (Postfix) with ESMTP id 10A1321F84BE for <saag@ietf.org>; Thu, 18 Oct 2012 12:29:38 -0700 (PDT)
Received: by mail-vc0-f172.google.com with SMTP id fl11so10963778vcb.31 for <saag@ietf.org>; Thu, 18 Oct 2012 12:29:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=2XDvH7GK8Z261iao6ozvQw9NVrTWFNCYXelomm+pJNc=; b=0xE9T8wikCDnHDlmyLMBTwHN0rSdeDWQ06XYmic3LfBwt4HVIGDxiTI1aZzDUXD3AF h1pZtoxNEuSP+9WRmCss4oUVY30YItR/tvXAHtvYqaow/TrzIEx5Uszqs4lEn8zHLnTU XAM0JmxsRkD1zElk9SRtIm0dQEanMbM3diYwsCBkZTLmZ/cUlWGdfBSSI/3bkGlzo4Qv pzAoe51cp4BTt6X2IQ5THuyy7R/JRjkYguZYdlpyTYDx2aADFetIsf+0ueyCDJzOIbML KK8zy51+4UBpG3qRn2Ml5UOR2UPyGIcGkiTXnui/cq5fFKmTjZvNefrpd1rxt9bRLqEa t1Gg==
MIME-Version: 1.0
Received: by 10.52.33.130 with SMTP id r2mr13168338vdi.43.1350588577605; Thu, 18 Oct 2012 12:29:37 -0700 (PDT)
Sender: benlaurie@gmail.com
Received: by 10.58.18.235 with HTTP; Thu, 18 Oct 2012 12:29:37 -0700 (PDT)
In-Reply-To: <FB9E461D-CA62-4806-9599-054DF24C3FD9@bblfish.net>
References: <CCA5E789.2083A%Josh.Howlett@ja.net> <tslzk3jsjv8.fsf@mit.edu> <201210181904.PAA07773@Sparkle.Rodents-Montreal.ORG> <FB9E461D-CA62-4806-9599-054DF24C3FD9@bblfish.net>
Date: Thu, 18 Oct 2012 20:29:37 +0100
X-Google-Sender-Auth: sdY5WJUbQiqnfTlGZXDd8dcKofo
Message-ID: <CAG5KPzxGz+4MywjP4knfbDr2gyvqUZc1HEBXgtaDfYT+DPg5yg@mail.gmail.com>
From: Ben Laurie <ben@links.org>
To: Henry Story <henry.story@bblfish.net>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>, "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] Liking Linkability
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Oct 2012 19:29:40 -0000

On Thu, Oct 18, 2012 at 8:20 PM, Henry Story <henry.story@bblfish.net> wrote:
>
> On 18 Oct 2012, at 21:04, Mouse <mouse@Rodents-Montreal.ORG> wrote:
>
>>> [...]
>>> Unfortunately, I think that's too high of a price to pay for
>>> unlinkability.
>>> So I've come to the conclusion that anonymity will depend on
>>> protocols like TOR specifically designed for it.
>>
>> Is it my imagination, or is this stuff confusing anonymity with
>> pseudonymity?  I feel reasonably sure I've missed some of the thread,
>> but what I have seem does seem to be confusing the two.
>>
>> This whole thing about linking, for example, seems to be based on
>> linking identities of some sort, implying that the systems in question
>> *have* identities, in which case they are (at best) pseudonymous, not
>> anonymous.
>
> With WebID ( http://webid.info/ ) you have a pseudonymous global identifier,
> that is tied to a document on the Web that need only reveal your public key.
> That WebID can then link to further information that is access controlled,
> so that only your friends would be able to see it.
>
> The first diagram in the spec shows this well
>
>   http://webid.info/spec/#publishing-the-webid-profile-document
>
> If you put WebID behind TOR and only have .onion WebIDs - something that
> should be possible to do - then nobody would know WHERE the box hosting your
> profile is, so they would not be able to just find your home location
> from your ip-address. But you would still be able to link up in an access
> controlled manner to your friends ( who may or may not be serving their pages
> behind Tor ).
>
> You would then be unlinkable in the sense of
> http://tools.ietf.org/html/draft-iab-privacy-considerations-03
>
> [[
>       Within a particular set of information, the
>       inability of an observer or attacker to distinguish whether two
>       items of interest are related or not (with a high enough degree of
>       probability to be useful to the observer or attacker).
> ]]
>
> from any person that was not able to access the resources. But you would
> be linkable by your friends. I think you want both. Linkability by those
> authorized, unlinkability for those unauthorized. Hence linkability is not
> just a negative.

I really feel like I am beating a dead horse at this point, but
perhaps you'll eventually admit it. Your public key links you. Access
control on the rest of the information is irrelevant. Indeed, access
control on the public key is irrelevant, since you must reveal it when
you use the client cert. Incidentally, to observers as well as the
server you connect to.