Re: unlinkability from Melvin Carvalho on 2012-10-07 (public-webid@w3.org from October 2012)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Sun, 7 Oct 2012 21:16:10 +0200
To: Henry Story <henry.story@bblfish.net>
Cc: "public-webid@w3.org" <public-webid@w3.org>
Message-ID: <CAKaEYh+st5GaFJez5zjm4ctBPcBntVti6Fc_xHJVXLtzrC7P-Q@mail.gmail.com>
On 6 October 2012 12:03, Henry Story <henry.story@bblfish.net> wrote:

>
> On 6 Oct 2012, at 12:01, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
>
>
>
> On 6 October 2012 11:42, Henry Story <henry.story@bblfish.net> wrote:
>
>>
>> On 6 Oct 2012, at 11:39, Melvin Carvalho <melvincarvalho@gmail.com>
>> wrote:
>>
>>
>>
>> On 6 October 2012 11:25, Henry Story <henry.story@bblfish.net> wrote:
>>
>>> >>
>>> >> (1) I think solves the unlinkability problem
>>> >
>>> > Can you explain what the unlinkeability problem is? Or for who it is a
>>> problem?
>>> >
>>> > 4.  Unlinkability
>>> >
>>> >    Definition:  Unlinkability of two or more Items Of Interest (e.g.,
>>> >       subjects, messages, actions, ...) from an attacker's perspective
>>> >       means that within a particular set of information, the attacker
>>> >       cannot distinguish whether these IOIs are related or not (with a
>>> >       high enough degree of probability to be useful).
>>> >
>>> > This is something Harry brought up.
>>>
>>> Can you explain why it is problematic. It is not because he brought it up
>>> that it is problematic right? Or is he someone who sets the standards
>>> of what is or is not problematic? Through what authority?
>>>
>>
>> Harry stressed that this was a key consideration to him.  As an
>> influential member of the social web (he was chair of the W3C Social Web
>> XG), I would consider his opinions important.  His complain was that he
>> raised this before, and that the webid group did not look at it.
>>
>>
>> But you have not summarised in your own words what his complaint is. So
>> how do you know we did not answer it?
>>
>>
>> If we, as a group, are able to address such concerns, or show that we
>> have evaluated them and proven then are non issues (for example in a FAQ),
>> it may help bring the benefits of WebID to a wider audience.
>>
>>
>> That is why I ask you to express in your words what the problem is, and
>> see if you can come up with an answer to the
>> problem. And indeed we should add this on a list of question and answers
>> that comes up.
>>
>
> I have quoted the passage cited by Hannes, Harry and others.
>
>
> yes, but you have to develop that passage and see how it applies to WebID.
> It is not an obvious passage at all, and it is not clear it applies at all
> to WebID.
>
> It's something we (as a group) have been asked to look at.  In truth, it's
> been quite a hard conversation to follow as there were many replies and
> points raised in a short period of time.  I dont know if unlinking the
> public key from the URI provides more 'unlinkability', it was just a
> suggestion.
>
>
>
> But it seems unclear to me that the concerns have been addressed.
>
>
> Well I did in fact answer that mail. But I am going to send out a new mail
> right now, to make sure it is clear.
>
> Certainly there was no acknowledgement of that.
>
>
> By whome? By Harry? He never acknowledges mails that don't go in his
> direction.
>

OK, I've managed to look through a lot of this now.

Unlinkability seems to be useful when you want to provide anonymity or
pseudo anonymity.

Both valuable use cases.

I am guessing the perception of those that have never tried webid may be
that the certificate is sent *every* time.

This can be avoided as follows:

- Do not send a cert when the popup arises
- Use a different browser
- We create a public cert at http://webid.info/#anon

Pseudo anonymous identifies can be provisioned by WebID

- One cert per identity

Linkabiity is desirable in many cases as stated in the final paragraph of
the IETF draft.

BrowserID aka persona seems not to solve this issue as the cert sends:

- The user's email address.
- The user's public key for that address on that browser.
- The time that the certificate was issued.
- The time that the certificate expires.
- The IdP's domain name.

Additionally your webmail provider and/or mozilla can impersonate you as
they control your private key server side.  By extension any agency that
requests information from your webmail provider or mozilla can view your
external data.

Furthermore, your webmail provider and/or mozilla can sign you up for any
services offered by a relying party *without you even knowing*.  This is
quite scary in privacy terms and has me thinking twice whether I want to
use BrowserID as a fallback to WebID, as was my original intention.
Perhaps let the user decide.

Maybe we should add these points to an FAQ


>
> Perhaps it is the nature of mailing lists that it can be challenging to
> know when a consensus is reached or a problem has been solved.
>
>
>>
>> Henry
>>
>>
>>
>>
>>>
>>> Henry
>>>
>>> Social Web Architect
>>> http://bblfish.net/
>>>
>>>
>>
>>  Social Web Architect
>> http://bblfish.net/
>>
>>
>
> Social Web Architect
> http://bblfish.net/
>
>
Received on Sunday, 7 October 2012 19:16:38 UTC