Re: [saag] Liking Linkability

Ben Laurie <ben@links.org> Mon, 22 October 2012 16:58 UTC

In-Reply-To: <50805611.2000904@kent.ac.uk>
References: <88F98DFD-EF7D-4444-A9C2-FB8E15F5DA89@bblfish.net> <3757D928-C3AE-4630-98E7-E30B5CC604B0@cisco.com> <C8B17065-FD7A-4E4C-B423-4FAB02A48A6D@bblfish.net> <7E1636E02F313F4BA69A428B314B77C708217189@xmb-aln-x12.cisco.com> <7ABCD095-4B09-40DD-A084-1BBE761CA72F@bblfish.net> <CABrd9SRqZN5Bm6rHmduUxXW4ED0yPTxU148Y3txLPjPhbA=hpQ@mail.gmail.com> <50805611.2000904@kent.ac.uk>
Date: Mon, 22 Oct 2012 17:58:33 +0100
Message-ID: <CAG5KPzwF2pC_4MA-i5rZKX1oQH5yjJXvo1QMoK00CNbG-T31Tw@mail.gmail.com>
From: Ben Laurie <ben@links.org>
To: David Chadwick <d.w.chadwick@kent.ac.uk>
Cc: "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org" <public-privacy@w3.org>, "Klaas Wierenga \(kwiereng\)" <kwiereng@cisco.com>, "public-webid@w3.org" <public-webid@w3.org>
Subject: Re: [saag] Liking Linkability

On Thu, Oct 18, 2012 at 8:18 PM, David Chadwick <d.w.chadwick@kent.ac.uk> wrote:
> Hi Ben
>
> I disagree. It depends upon your risk assessment. Your stand is like saying
> TLS should be the substrate, not http.

Not at all. You can add security to an insecure connection. You cannot
add anonymity to an identified session. My stand is, in fact, like
saying that TCP should be the substrate, not TLS.

> There are two alternative viewpoints.
> You can either start with the lowest security/privacy and add to it, or make
> the highest security/privacy the default and then take from it. So you
> should not necessarily mandate that U-Prove/Idemix are the default tokens,
> but rather only require them if your risk assessment says privacy protection
> is essential
>
> regards
>
> David
>
>
> On 18/10/2012 16:34, Ben Laurie wrote:
>>
>> On 9 October 2012 14:19, Henry Story <henry.story@bblfish.net> wrote:
>>>
>>> Still in my conversations I have found that many people in security
>>> spaces just don't seem to be able to put the issues in context, and can
>>> get sidetracked into not wanting any linkability at all. Not sure how to
>>> fix that.
>>
>>
>> You persist in missing the point, which is why you can't fix it. The
>> point is that we want unlinkability to be possible. Protocols that do
>> not permit it or make it difficult are problematic. I have certainly
>> never said that you should always be unlinked, that would be stupid
>> (in fact, I once wrote a paper about how unpleasant it would be).
>>
>> As I once wrote, anonymity should be the substrate. Once you have
>> that, you can then build on it to be linked when you choose to be, and
>> not linked when you choose not to be. If it is not the substrate, then
>> you do not have this choice.
>>