IETF Logo Mail Archive

Re: [saag] Liking Linkability

Henry Story <henry.story@bblfish.net> Wed, 24 October 2012 15:00 UTC

Return-Path: <henry.story@bblfish.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABED121F8A2F for <saag@ietfa.amsl.com>; Wed, 24 Oct 2012 08:00:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.272
X-Spam-Level:
X-Spam-Status: No, score=-3.272 tagged_above=-999 required=5 tests=[AWL=0.326, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jVZb1coVpWmx for <saag@ietfa.amsl.com>; Wed, 24 Oct 2012 08:00:36 -0700 (PDT)
Received: from mail-ea0-f172.google.com (mail-ea0-f172.google.com [209.85.215.172]) by ietfa.amsl.com (Postfix) with ESMTP id CF55221F8A2D for <saag@ietf.org>; Wed, 24 Oct 2012 08:00:27 -0700 (PDT)
Received: by mail-ea0-f172.google.com with SMTP id k13so228800eaa.31 for <saag@ietf.org>; Wed, 24 Oct 2012 08:00:27 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=Dd9+MA7W/m/AaHEVs9kwNVNJTaTcmZL+F2GlszhciBE=; b=N5jLbhLHLqgZZknk8YXKNMSGzrVoQWxAHfT6ccDMPxLHR6UKBXZGhaaD2iv1Nmabr0 B388SalCKKCYNvA6o2UPGEuyQrgKN1xyhgtN6EZsF5JaUFLrf/BVN16JLam3cuFtGQKz jIohbOnvUNzVLbsY1q7pTydrEJJeXwbKPx3LkJB3uok795mdh7mHAOvG8jCnAOrPSxeW grHjLStvGGHqCjESbshyARHAMvM4cBAkZGFEz9eo4czQy3+85bFdF1kNZTZEfZICsUBl 3h51FjU0odqDLkBBSgCgj4iJjqz7M/c5X6yu/VdiTn/ra7YTVhUH54K/wXwb4B5DpzJ/ 8uPw==
Received: by 10.14.215.69 with SMTP id d45mr21824949eep.16.1351090826767; Wed, 24 Oct 2012 08:00:26 -0700 (PDT)
Received: from bblfish.home (AAubervilliers-651-1-132-122.w86-198.abo.wanadoo.fr. [86.198.99.122]) by mx.google.com with ESMTPS id a44sm12780339eeo.7.2012.10.24.08.00.23 (version=SSLv3 cipher=OTHER); Wed, 24 Oct 2012 08:00:25 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_CE2125B7-DD8E-4565-A599-A00169A79E72"; protocol="application/pkcs7-signature"; micalg="sha1"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Henry Story <henry.story@bblfish.net>
In-Reply-To: <CAKaEYhKhkeNLe6LC5fgtjcZZ-L4FbpXDujRzn3zpwNOgNY=HBg@mail.gmail.com>
Date: Wed, 24 Oct 2012 17:00:21 +0200
Message-Id: <43EEDAE2-6E5F-4D2E-BC1E-516408DCD3CC@bblfish.net>
References: <CCA5E789.2083A%Josh.Howlett@ja.net> <CABrd9SQghpi6_rVQKxYXZDtM5HwvE7Kq7SUw5zi41ZRd3y2h9A@mail.gmail.com> <4324B524-7140-49C0-8165-34830DD0F13B@bblfish.net> <CABrd9SQU1uYVaVPedokHxeYkT=759rkPFfimWK1Z8ATzo3yNFA@mail.gmail.com> <5083CCCF.2060407@webr3.org> <50842789.3080301@openlinksw.com> <50845268.4010509@webr3.org> <5084AC77.8030600@openlinksw.com> <50851512.9090803@webr3.org> <CABrd9SRNVLbWxifQAQ6iuX4qMeFmZVD6rO_q=L348G1UZzr9tg@mail.gmail.com> <50852726.9030102@openlinksw.com> <CABrd9SQ3KTqHq1hOfbLAU5hfgNyqCPK4u+ToEda+VtQ5S0utwA@mail.gmail.com> <5085360E.3080008@openlinksw.com> <50853CD8.8020005@w3.org> <5FB468E4-BDD3-4635-ACD0-A23540C08751@bblfish.net> <508562C2.1060905@w3.org> <3EF3A430-A6C5-4ADE-92B5-0744DFFD326B@isoc.org> <CABrd9SQxy3GjKekrrCPikqRBt4z2PdzbOhzZUsDC6asZNSiu0A@mail.gmail.com> <E8AC244A-1D90-49F2-BD8A-2CF13E11D4B7@isoc.org> <5087D92D.8000207@webr3.org> <5087F51D.3040503@openlinksw.com> <CAKaEYhKhkeNLe6LC5fgtjcZZ-L4FbpXDujRzn3zpwNOgNY=HBg@mail.gm ail.com>
To: Melvin Carvalho <melvincarvalho@gmail.com>
X-Mailer: Apple Mail (2.1499)
X-Gm-Message-State: ALoCoQm1JcrVFOjSiWl5rsaPTV/OT6iotnwvpd85QlYTWGRNEkHOF5ET5D84RIcgK6eBh6b7r8+x
Cc: Robin Wilton <wilton@isoc.org>, public-identity@w3.org, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org list" <public-privacy@w3.org>, public-webid@w3.org
Subject: Re: [saag] Liking Linkability
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Oct 2012 15:00:37 -0000

On 24 Oct 2012, at 16:24, Melvin Carvalho <melvincarvalho@gmail.com> wrote:

> 
> 
> On 24 October 2012 16:03, Kingsley Idehen <kidehen@openlinksw.com> wrote:
> On 10/24/12 8:03 AM, Nathan wrote:
> Robin Wilton wrote:
> 
> 
> 
> 
> On 24 Oct 2012, at 10:30, Ben Laurie wrote:
> 
> On 23 October 2012 10:58, Robin Wilton <wilton@isoc.org> wrote:
> 
> On 23 Oct 2012, at 09:44, Ben Laurie wrote:
> 
> <snip>
> 
> 
> Not disagreeing with any of the above, but observing that:
> 
> a) There's no particular reason you could not have an email per site
> as well as a key per site.
> 
> b) Linkability it not, as you say, inherently bad. The problem occurs
> when you have (effectively) no choice about linkability.
> 
> 
> 
> But it's very hard to use either of those mechanisms (separation through
> emails or keys) without giving some third party the ability to achieve total
> linkability. (In other words, both options remove effective choice).
> I agree that emails are a problem, but not at all sure why keys are?
> In the case of appropriate selective disclosure mechanisms, even if
> there were a third party involved, they would not be able to link uses
> of the keys. Also, if you insist on using linkable keys, then per-site
> keys do not involve third parties.
> 
> 
> It may just be that I'm not getting a clear mental picture of your architecture. But here was my thinking:
> - If you use symmetric keys, you get a system which can't scale unless you opt for Schneier's idea of a key server… but then the key server becomes a point of potential panopticality.
> 
> - If you use PKI, *and* you want your communicating parties to be able to validate the certs they're relying on, then you have to design a CRL- or OCSP-like mechanism into the architecture, and again you end up with a component which is potentially panoptical. (Plus, you have to address the 20-year-old problem of how to make PKI usable by human beings, when recent history suggests that PKI only takes off where human beings are kept well away from it).
> 
> CRL is pretty much built in to WebID, if you remove a public key from the document pointed to by your uri-identifier, then it's no longer valid for use in WebID - auth can't happen, rendering the cert useless for WebID.

+1 Nathan. 

( btw. It is always good to point people to the spec too http://webid.info/spec is the short url for it. )

> 
> 
> 
> 
> For sake of clarity, Nathan is speaking about the WebID authentication protocol.
> 
> A WebID on its own refers to an resolvable (de-referencable) identifier. The WebID protocol verifies the aforementioned identifier (entity denotation mechanism) via a combination of cryptography and entity relationship semantics oriented logic.
> 
> Kingsley, thanks for pointing this out.
> 
> I think some of the confusion arises from the fact that a webid is sometimes not that clearly defined, and people focus on the protocol.

The spec has a definition that seems pretty reasonable, ( though I think we should remove the reference to "intentions" )

http://www.w3.org/2005/Incubator/webid/spec/#terminology

WebID
A URI that refers to an Agent - Person, Robot, Group or other thing that can have Intentions. The WebID should be a URI which when dereferenced returns a representation whose description uniquely identifies the Agent who is the controller of a public key. In our example the WebID refers to Bob. A WebID is usually a URL with a #tag, as the meaning of such a URL is defined in the document refered to by the WebID URL without the #tag .


> 
> In particular a WebID is a URI that references an Agent (human or machine)
> 
> Similarly, email will become WebIDs using the webfinger spec (when that's complete)
> 
> It can be argued that OAuth/OpenID identifiers are also WebID but with a different auth protocol.
> 
> Mozilla persona, although certainly useful, would possibly not fit into the same category, as they use a proprietary identification system. 
> 
> The whole idea is that WebID brings things together at an architectural level.  "The WebID Protocol", certs, X.509 are implementation details really.

I would not say just implementation details. From the philosophical theory of reference 
( eg: Gareth Evans's book: The variety of Reference ) they may be, but in everyday usage 
how these things are implemented is quite important, and so are the distinctions.

According to the WebID spec definition:
 - OpenID is close [1] though they have a URL for a web page rather than an agent (not a big deal), but more importantly they don't make use of the URL to get the attributes, which is what WebID does. They certainly don't publish the public key in the OpenId profile.
 - webfinger does indeed give a method to dereference a mailto: uri, which could be used for a WebID protocol.
 - I don't think OAuth is working with URIs at all
 - Mozilla Persona could use WebIDs [2] and it would improve their protocol so dramatically, it is evident that they will at some point.

  Henry

[1] https://blogs.oracle.com/bblfish/entry/what_does_foaf_ssl_give
[2] http://security.stackexchange.com/questions/5406/what-are-the-main-advantages-and-disadvantages-of-webid-compared-to-browserid

>  
> 
> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen 
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> 
> 
> 
> 
> 
> 

Social Web Architect
http://bblfish.net/

v2.23.0 | Report a Bug | By Email