Re: [saag] Liking Linkability
Henry Story <henry.story@bblfish.net> Sun, 21 October 2012 22:14 UTC
Return-Path: <henry.story@bblfish.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3439221F887A for <saag@ietfa.amsl.com>; Sun, 21 Oct 2012 15:14:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EjiFawadEV1o for <saag@ietfa.amsl.com>; Sun, 21 Oct 2012 15:14:10 -0700 (PDT)
Received: from mail-wi0-f172.google.com (mail-wi0-f172.google.com [209.85.212.172]) by ietfa.amsl.com (Postfix) with ESMTP id B771621F855B for <saag@ietf.org>; Sun, 21 Oct 2012 15:14:09 -0700 (PDT)
Received: by mail-wi0-f172.google.com with SMTP id hq12so1563319wib.13 for <saag@ietf.org>; Sun, 21 Oct 2012 15:14:08 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=Ee0r5Qo0YxMu4Fa435acsT4IYOuENLb31mSkrdypTD4=; b=Yrh9F8YaAPQBz+5QOnPZ6RX65mzRWAFlLL2rKpFS/fB3sqvW8SFoYDR/wUNdBgd+gB VyJeFEipz29DdBDVkXg+uMC+AMO+TX8u1/eFavN/iwc2Iq/a8IXHKrLJ03QlKX5keZKt 7xnw5/YdrGaMwtbRxPoxMp6KyeTsf1Mw6hC7FAXzuHLdXmfOeO1Vu/wG8qW6KcMQJNBj WAqcNrMB67ys7vTzcOPOBfi44w0+06m6le/mSggA86hDtwd7Ohks18C7ymRZTCRLQxnB n436mhRA8SjNrh+s1+r7uYr8btGKOGmy1NQP1l+BYRuDLgOyWET4jCaPAB/D+VnMTlI9 f2dQ==
Received: by 10.180.99.99 with SMTP id ep3mr16736277wib.15.1350857648627; Sun, 21 Oct 2012 15:14:08 -0700 (PDT)
Received: from bblfish.home (AAubervilliers-651-1-132-122.w86-198.abo.wanadoo.fr. [86.198.99.122]) by mx.google.com with ESMTPS id w8sm47989860wif.4.2012.10.21.15.13.57 (version=SSLv3 cipher=OTHER); Sun, 21 Oct 2012 15:13:59 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_E03B4CA0-6319-49B8-9979-0A08AE5AF0DD"; protocol="application/pkcs7-signature"; micalg="sha1"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Henry Story <henry.story@bblfish.net>
In-Reply-To: <8F8A1ABB-AB05-4DD0-8846-ECF333C3E782@gmail.com>
Date: Mon, 22 Oct 2012 00:13:56 +0200
Message-Id: <FFFD96E7-2D45-4BA3-8EE1-6BB55D3CCCEE@bblfish.net>
References: <CCA5E789.2083A%Josh.Howlett@ja.net> <tslzk3jsjv8.fsf@mit.edu> <201210181904.PAA07773@Sparkle.Rodents-Montreal.ORG> <FB9E461D-CA62-4806-9599-054DF24C3FD9@bblfish.net> <CAG5KPzxGz+4MywjP4knfbDr2gyvqUZc1HEBXgtaDfYT+DPg5yg@mail.gmail.com> <5084238D.9040106@openlinksw.com> <8F8A1ABB-AB05-4DD0-8846-ECF333C3E782@gmail.com>
To: Dick Hardt <dick.hardt@gmail.com>
X-Mailer: Apple Mail (2.1499)
X-Gm-Message-State: ALoCoQml06PQ+UYcKqT8hjcvlND1cOvrXbzIduQqwiKIqwYgAKdkLS5WupOl8oD+5HNGD1NM+N9V
X-Mailman-Approved-At: Mon, 22 Oct 2012 08:25:26 -0700
Cc: "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Kingsley Idehen <kidehen@openlinksw.com>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>
Subject: Re: [saag] Liking Linkability
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Oct 2012 22:14:11 -0000
It would be nice if we could remove the ad-hominem attacks here. These issues can be worked out clearly and calmly by careful reasoning and attending to some existing definitions. Below I show how I agree with Dick Hard and Ben Laurie that public keys are identifiers. But the point of this thread entitled "Liking Linkability" is that this is not the problem to privacy that it is thought to be. Indeed my point is that linkability is very important to increase privacy.... On 21 Oct 2012, at 23:17, Dick Hardt <dick.hardt@gmail.com> wrote: > > On Oct 21, 2012, at 9:32 AM, Kingsley Idehen <kidehen@openlinksw.com> wrote: > >> On 10/18/12 3:29 PM, Ben Laurie wrote: >>> >>> I really feel like I am beating a dead horse at this point, but >>> perhaps you'll eventually admit it. Your public key links you. Access >>> control on the rest of the information is irrelevant. Indeed, access >>> control on the public key is irrelevant, since you must reveal it when >>> you use the client cert. Incidentally, to observers as well as the >>> server you connect to. >>> >> A public key links to a private key. > > A public key or private key *is* an identifier. If there is a 1:1 mapping of public/private key pair to a user, and if the key pair is used at more than one place, then those places know it is the same user and the activities at each of those places is linked. Note Dick, that I (Henry Story) agree with you and Ben Laurie here: A public key is an identifier. If you use the same public key to identify yourself at various sites then those sites can link you. This may be what you do intend to do though, and so this is not a priori a bad thing. Which is why the title of this post is "Liking Linkability". In this thread my argument has consisted in a making two points: 1. that showing someone an identifier - be it public key or other string with an inverse functional relation to an agent - may not be a linkability problem ( because you may not consider the agent receiving the information as the enemy ) 2. Show how linkability is important for privacy 1. linkability -------------- If we look at the definition given of linkability in https://tools.ietf.org/html/draft-hansen-privacy-terminology-03 it says: [[ Definition: Unlinkability of two or more Items Of Interest (e.g., subjects, messages, actions, ...) from an attacker's perspective means that within a particular set of information, the attacker cannot distinguish whether these IOIs are related or not (with a high enough degree of probability to be useful). ]] It is defining unlinkability in terms of "two or more items of interest from an attacker's perspective". So my point is simply: who is the attacker? If you make the site you are authenticating to with OpenID, BrowserId, or WebID be considered the attacker then you should not use any of those technologies. If on the other hand you consider that those sites are *not* the attacker - because say, you only give them your identity when you are sure that you want to do so - then the negative linkability claim cannot be made according to the above definition. Or at the very least it is a very different problem at that point: if you exclude the site you are authenticating to as the enemy, then identifying yourself with your public key is not a linkability problem according to the above definition. It would be if some other agent listening in on the conversation could surmise your public key. They would then be able to know that you talked to site B. (If they also knew the content of the conversation then they would know even more, and your privacy problem would indeed be greater) 2. linkability's importance to privacy -------------------------------------- I then argued that one cannot make a simple claim that linkability is a bad thing. In fact there are good reasons to believe that certain types of linkability are very important to create distributed social networks - which I call the social web. A Social Web would clearly be a big improvement for privacy over how things are being done currently. I don't want to repeat this whole thread here since that was the argument I made in the initial post in this thread which is archived here: http://lists.w3.org/Archives/Public/public-privacy/2012OctDec/0003.html > >> You are the one being utterly obstinate here. > > Not true … and I don't think that was a productive comment. I don't think that comment is fruitful either. This case can be argued well without ad-hominem attacks. > >> I encourage you to make you point with clear examples so that others can juxtapose your views and ours. > > Perhaps my explanation above makes the point clear to you. > > -- Dick Social Web Architect http://bblfish.net/
- [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Klaas Wierenga (kwiereng)
- Re: [saag] Liking Linkability Ben Laurie
- Re: [saag] Liking Linkability Ben Laurie
- Re: [saag] Liking Linkability Josh Howlett
- Re: [saag] Liking Linkability Sam Hartman
- Re: [saag] Liking Linkability Mouse
- Re: [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Ben Laurie
- Re: [saag] Liking Linkability Ben Laurie
- Re: [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Ben Laurie
- Re: [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Ben Laurie
- Re: [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Ben Laurie
- Re: [saag] Liking Linkability Ben Laurie
- Re: [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Harry Halpin
- Re: [saag] Liking Linkability Melvin Carvalho
- Re: [saag] Liking Linkability David Chadwick
- Re: [saag] Liking Linkability David Chadwick
- Re: [saag] Liking Linkability David Chadwick
- Re: [saag] Liking Linkability Sam Hartman
- Re: [saag] Liking Linkability Mo McRoberts
- Re: [saag] Liking Linkability Nathan
- Re: [saag] Liking Linkability Sam Hartman
- Re: [saag] Liking Linkability Nathan
- Re: [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Nathan
- Re: [saag] Liking Linkability Ben Laurie
- Re: [saag] Liking Linkability Nathan
- Re: [saag] Liking Linkability Ben Laurie
- Re: [saag] Liking Linkability Harry Halpin
- Re: [saag] Liking Linkability Melvin Carvalho
- Re: [saag] Liking Linkability Ben Laurie
- Re: [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Ben Laurie
- Re: [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Ben Laurie
- Re: [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Ben Laurie
- Re: [saag] Liking Linkability Melvin Carvalho
- Re: [saag] Liking Linkability Dan Brickley
- Re: [saag] Liking Linkability David Chadwick
- Re: [saag] Liking Linkability Nathan
- Re: [saag] Liking Linkability Robin Wilton
- Re: [saag] Liking Linkability Ben Laurie
- Re: [saag] Liking Linkability Ben Laurie
- Re: [saag] Liking Linkability Henry Story
- Re: [saag] Liking Linkability Robin Wilton
- Re: [saag] Liking Linkability Nathan
- Re: [saag] Liking Linkability Melvin Carvalho
- Re: [saag] Liking Linkability Melvin Carvalho