Re: [saag] Liking Linkability

Ben Laurie <ben@links.org> Sun, 21 October 2012 16:49 UTC

Return-Path: <benlaurie@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D01921F89C6 for <saag@ietfa.amsl.com>; Sun, 21 Oct 2012 09:49:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.81
X-Spam-Level:
X-Spam-Status: No, score=-2.81 tagged_above=-999 required=5 tests=[AWL=0.167, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u6gl9TaD97vd for <saag@ietfa.amsl.com>; Sun, 21 Oct 2012 09:49:55 -0700 (PDT)
Received: from mail-vb0-f44.google.com (mail-vb0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id 719C021F89B7 for <saag@ietf.org>; Sun, 21 Oct 2012 09:49:55 -0700 (PDT)
Received: by mail-vb0-f44.google.com with SMTP id fc26so2382874vbb.31 for <saag@ietf.org>; Sun, 21 Oct 2012 09:49:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=rfb9/xVYAP3v288ew7gJxuHEHttBHAcoaFcwmK0cD0Y=; b=DJEL2gExIBZYlZkF34MFl8IBHKmgNrNIjeuDU1m+/1c6xijEVTFwzyuedwWKH9uvYi S+JD5C5c4H4nDMt2lrGhRrDu2mVEuUblpZ9oEfUTEtRxS0259WPtxsS/p4ufMkg4Lslc c9HmaNjwpzgzvHWMI6e2XRg6AZCui5wsOEvGBB0cwoMaZRbp7L/MQ8tJ+6rJ+uk/Rys9 rFdST3Bg8zFpqKn6VSn6Ut6UCCLtlPOSc+JrZWKgD/rzUsFmiED8ftj0qdOcbwbD3p7t 8uJXHJBjJCRa8+xIuUwSZe4rJUXNUoGos9XS8IRltqdtfR2UW/97etL8S6hw9y/e0FoN w8tw==
MIME-Version: 1.0
Received: by 10.220.39.206 with SMTP id h14mr654386vce.41.1350838194873; Sun, 21 Oct 2012 09:49:54 -0700 (PDT)
Sender: benlaurie@gmail.com
Received: by 10.58.18.235 with HTTP; Sun, 21 Oct 2012 09:49:54 -0700 (PDT)
In-Reply-To: <5084238D.9040106@openlinksw.com>
References: <CCA5E789.2083A%Josh.Howlett@ja.net> <tslzk3jsjv8.fsf@mit.edu> <201210181904.PAA07773@Sparkle.Rodents-Montreal.ORG> <FB9E461D-CA62-4806-9599-054DF24C3FD9@bblfish.net> <CAG5KPzxGz+4MywjP4knfbDr2gyvqUZc1HEBXgtaDfYT+DPg5yg@mail.gmail.com> <5084238D.9040106@openlinksw.com>
Date: Sun, 21 Oct 2012 17:49:54 +0100
X-Google-Sender-Auth: pcROWQz6YSVsn_8ROwG_iRngD08
Message-ID: <CAG5KPzweMZzS=8tWbExm_xc1Yfi8Zi=2P8gkYnUf0WDKvJEj_Q@mail.gmail.com>
From: Ben Laurie <ben@links.org>
To: Kingsley Idehen <kidehen@openlinksw.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>
Subject: Re: [saag] Liking Linkability
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Oct 2012 16:49:56 -0000

On Sun, Oct 21, 2012 at 5:32 PM, Kingsley Idehen <kidehen@openlinksw.com> wrote:
> On 10/18/12 3:29 PM, Ben Laurie wrote:
>>>
>>> from any person that was not able to access the resources. But you would
>>> >be linkable by your friends. I think you want both. Linkability by those
>>> >authorized, unlinkability for those unauthorized. Hence linkability is
>>> > not
>>> >just a negative.
>>
>> I really feel like I am beating a dead horse at this point, but
>> perhaps you'll eventually admit it. Your public key links you. Access
>> control on the rest of the information is irrelevant. Indeed, access
>> control on the public key is irrelevant, since you must reveal it when
>> you use the client cert. Incidentally, to observers as well as the
>> server you connect to.
>>
>>
>>
>>
> A public key links to a private key.
>
> It could also link to a machine -- due to resolvable machine names on the
> Internet due to DNS .
>
> It could also link to composite of a machine, user agent, and referrer
> document -- due to resolvable document names on the Web of Documents due to
> HTTP.
>
> It doesn't provide the high precision link that you speculate about
> (repeatedly) re. a Web of Linked Data -- since the referent of a Linked Data
> URI is potentially nebulous e.g., entities "You" and "I" .

Ah, I agree that the key does not inherently link back to a particular
person. What it links is the various interactions that occur under the
identity represented by that key. As we know from various anonymity
disasters (the AOL search terms and Netflix incidents being the best
known), it is not hard, in practice, to go back from those
interactions to the person behind them.

To be clear: linkability does _not_ refer to the ability to link
events to people (or machines). It refers to the ability to link
events to each other. The reason linkability is a privacy problem is
that it turns out that in practice you do not need very many linked
events to figure out who was behind them.

I am sorry if that has not been clear from the start.

> I know you don't want to concede this reality, but stop making it sound like
> those that oppose your view are simply being obstinate. You are the one
> being utterly obstinate here. I encourage you to make you point with clear
> examples so that others can juxtapose your views and ours.
>
> Back to you.
>
>
>
> --
>
> Regards,
>
> Kingsley Idehen
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>
>
>
>
>