Re: [saag] Liking Linkability

Henry Story <henry.story@bblfish.net> Fri, 19 October 2012 17:47 UTC


On 19 Oct 2012, at 19:30, Kingsley Idehen <kidehen@openlinksw.com> wrote:

> On 10/19/12 9:31 AM, Ben Laurie wrote:
>>> >So perhaps it is up to you to answer: why should I not want that?
>> I am not saying you should not want that, I am saying that ACLs on the
>> resources do not achieve unlinkability.
>> 
> 
> You keep on saying this but I simply don't agree. I gave you an example of a PKCS#12 file sent to you and a phone call during which its access password is exchanged. How do you the recipient of that data even understand the basis of the data access policy associated with the protected resource to which it will provide access? You don't know the nature of my data access policy. It doesn't say: grant access to the subject of this certificate. But you seem to assume that it can only test that claim when you repeat the claim above.

Kingsley: Ben is saying that you don't achieve unlinkability because the situations Ben Laurie is thinking of are those such as Wikileaks where you need to consider the site you are connecting to as the enemy. Even if all it knew were your public key it could report that it has proven that someone knowing the private key of public key PK has connected.

Ben makes this clear in the e-mail here:
  http://lists.w3.org/Archives/Public/public-privacy/2012OctDec/0079.html

The answer is simple: 
  that is just a use case that WebID is not meant for. For such use cases any linkability is problematic. But we are trying to build a social web, so clearly linkability at some level is necessary for what we want to do.

Before you argue with someone about a "linkability" problem, just ask them who they consider to be the enemy. Say if you considered yourself in the future to be the enemy, you'd have even more trouble coming up with a good solution. :-)


> 
> You don't know the logic behind my assessment of your nebulous identity. You aren't in my head. The beauty of logic is that it allows me express a good chunk of what's in my head via notation.
> 
> A machine is linkable via DNS. A document is linkable via an HTTP URL, I am not linkable because I (like you and every other human) am endowed with cognitive powers and the ability to exploit temporality. We are really difficult to pin down, even more so with the explosion of networking devices, software etc. that are loosely associated with us.
> 
> I can't stop you using the words, but I can assure you that your claims are refutable via logic.
> 
> What I would really like you to do is point us to a working example of something that meets your goals. Then we have something to compare. Bottom line, somebody will learn something useful and everyone will ultimately be better off etc.
> 
> Links:
> 
> 1. http://www.guardian.co.uk/commentisfree/belief/2009/jul/27/heidegger-being-time-philosophy 
> 2. http://twitpic.com/1g03vo/full -- you can't really pin down the entity depicted in that image, contrary to what you might think due to Web perception illusion.
> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> 
> 

Social Web Architect
http://bblfish.net/
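
Added example, not part of the original message: a sketch of the point made above that a site which verifies proof of possession of a private key learns the public key regardless of any ACL, so two sites can join their logs on it and anyone can re-check a logged proof. It assumes a simple challenge-response with toy textbook RSA (tiny constructed keys, no padding) in place of a real handshake; `Site`, `linked_keys`, `third_party_accepts` and the users are hypothetical names.

```python
import hashlib
import secrets

E = 65537

def toy_keypair(p, q):
    """Textbook RSA from two known primes. Toy sizes, no padding: illustration only."""
    n = p * q
    return (n, E), pow(E, -1, (p - 1) * (q - 1))

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, pub, d):
    return pow(digest(msg, pub[0]), d, pub[0])

def verify(msg, sig, pub):
    return pow(sig, pub[1], pub[0]) == digest(msg, pub[0])

def fingerprint(pub):
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]

class Site:
    """A relying party that authenticates by proof of possession and keeps a log."""
    def __init__(self, name):
        self.name, self.log = name, []

    def authenticate(self, pub, signer):
        challenge = self.name.encode() + secrets.token_bytes(16)
        sig = signer(challenge)
        if not verify(challenge, sig, pub):
            return False
        # Any ACL decision comes after this point; the key is already known here.
        self.log.append({"pub": pub, "challenge": challenge, "sig": sig})
        return True

def linked_keys(site_a, site_b):
    """Fingerprints of keys seen by both sites: the join a hostile site can do."""
    fps = [{fingerprint(r["pub"]) for r in s.log} for s in (site_a, site_b)]
    return fps[0] & fps[1]

def third_party_accepts(record):
    """Anyone holding a log record can re-check the proof without the client."""
    return verify(record["challenge"], record["sig"], record["pub"])

# Constructed keys built from Mersenne primes for two hypothetical users.
ALICE_PUB, ALICE_D = toy_keypair(2**61 - 1, 2**89 - 1)
BOB_PUB, BOB_D = toy_keypair(2**107 - 1, 2**127 - 1)

def demo():
    a, b = Site("site-a"), Site("site-b")
    a.authenticate(ALICE_PUB, lambda m: sign(m, ALICE_PUB, ALICE_D))
    b.authenticate(ALICE_PUB, lambda m: sign(m, ALICE_PUB, ALICE_D))
    b.authenticate(BOB_PUB, lambda m: sign(m, BOB_PUB, BOB_D))
    return a, b
```
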