
Re: [saag] Liking Linkability

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Sun, 21 Oct 2012 22:24:32 -0400
Message-ID: <5084AE60.4040903@openlinksw.com>
To: Dick Hardt <dick.hardt@gmail.com>
CC: Ben Laurie <ben@links.org>, Henry Story <henry.story@bblfish.net>, Mouse <mouse@rodents-montreal.org>, "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>
On 10/21/12 5:17 PM, Dick Hardt wrote:
> On Oct 21, 2012, at 9:32 AM, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>
>> On 10/18/12 3:29 PM, Ben Laurie wrote:
>>> I really feel like I am beating a dead horse at this point, but
>>> perhaps you'll eventually admit it. Your public key links you. Access
>>> control on the rest of the information is irrelevant. Indeed, access
>>> control on the public key is irrelevant, since you must reveal it when
>>> you use the client cert. Incidentally, to observers as well as the
>>> server you connect to.
>>>
>> A public key links to a private key.
> A public key or private key *is* an identifier.

And together they make a composite key, an identifier.

> If there is a 1:1 mapping of public/private key pair to a user, and if the key pair is used at more than one place, then those places know it is the same user and the activities at each of those places are linked.

Yes, but I am not in any way espousing the fact that the "user" is a known 
entity as per your assumptions. The subject of an X.509 certificate is 
who, whom, or what?

At best you can say there is an entity that is the subject of the graph 
represented and imprinted to an X.509 certificate.
>
>>   You are the one being utterly obstinate here.
> Not true, and I don't think that was a productive comment.
>
>> I encourage you to make your point with clear examples so that others can juxtapose your views and ours.
> Perhaps my explanation above makes the point clear to you.

Yes, but only to the point it clarifies we have strongly differing views 
about "user". In many houses today you have a single device used by 
many nebulous entities. How do you pin down the activities of a specific 
entity associated with some composite of: public key, private key, URI 
in SAN, etc.? It isn't so easy.

Ultimately, the fact that we think in terms of "sites" and flawed 
fingerprints remains part of the problem in this conversation.

Personally, we will be more constructive working with actual examples. 
So far, Ben hasn't produced a single example for which I haven't 
provided a clear response re. the use of structured data and logic to 
surmount those problems.

Also note, when Henry mentioned Tor, he received the usual response. All 
of a sudden Tor by implication meant the subject was of dubious nature 
even though the baseline was supposedly about no fingerprints 
whatsoever, even at the packet routing level.

>
> -- Dick
>
>


-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen







Received on Monday, 22 October 2012 02:24:58 GMT
