- From: Timothy Holborn <timothy.holborn@gmail.com>
- Date: Sat, 20 Feb 2016 14:41:03 +1100
- To: Dave Longley <dlongley@digitalbazaar.com>
- Cc: W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAM1Sok1GHXJtWrzcYZaWaWuWg-anzjnbqmFQFESw=dD_JHBd0Q@mail.gmail.com>
On 19 February 2016 at 05:29, Dave Longley <dlongley@digitalbazaar.com> wrote:

> On 02/18/2016 12:50 PM, Timothy Holborn wrote:
>
>> So,
>>
>> I assume apple[1] can decrypt it.
>>
>
> I think that's a big assumption. Have they said that? I don't know how
> they do their encryption, but if they are using symmetric encryption
> where the key is derived from a password only the user knows, then, no,
> they can't decrypt it. Unless the password is easily guessable, it's not
> feasible to brute force attack the encryption.
>
> So, the issue is how to trust gov? Locally or internationally?
>>
>> Couldn't a bunch of approved credentials be used to present something
>> at the phone that in-turn allows that device to say, recognise the
>> president said - executive orders - open it.
>>
>
> You could do two forms of encryption: one for the user and one using a
> public key owned and protected by the government. Of course, then the
> government can read everyone's private data.
>
> I suppose you could require a credential from a court (signed by the
> court's public key) indicating a court order was granted to the
> government in order to use their key to read the data ... but it's all a
> little unclear as to whether or not these protections would actually be
> followed, or rather, if they weren't, that a violation of them could be
> easily detected.
>

Wouldn't a 'pingback' like mechanism be possible for the use of RDF marked-up documents, perhaps using a mechanic that provides a unique ontological reference for that document, referenced in relation to signatures? In effect, produce a private ledger associated to the use of credential instruments for specified purposes, et al. Also noting the packaging of 'signed claims' and related capabilities. I believe some areas of law-enforcement require means in which the subject is unaware of an 'active case' (as I think it's called) relating to them.

Yet, I think an argument to say that, save particular circumstances, the citizen has the right to know / accountability systems, seems to be a far better concept than to say 'no access under any circumstances'. I also envisage these sorts of considerations to be a driver for much of the functionality provided by BlockChain technologies. We won't be able to have a meaningful conversation that aids those in the business of law unless we get away from the 'all or nothing' styled arguments. At the end of the day, we couldn't promise 100% anonymity nor are we able to claim 100% secure.

> --
> Dave Longley
> CTO
> Digital Bazaar, Inc.
> http://digitalbazaar.com
Received on Saturday, 20 February 2016 03:42:11 UTC
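A sketch of the scheme the thread discusses (a user key plus a government escrow key, escrow use gated by a court-issued credential, and a 'pingback' style ledger that makes each escrow access detectable), written as an added Python example that is not part of the thread or of any project. It assumes HMAC in place of the public-key signatures and key wrapping the messages have in mind, and every key and document id is constructed.

```python
import hashlib, hmac, json, secrets

def kdf_from_password(password: str, salt: bytes) -> bytes:
    # User path: key derived from a password only the user knows.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def wrap_key(kek: bytes, dek: bytes) -> dict:
    # Wrap a 32-byte data key: XOR with a fresh per-wrap PRF pad, then MAC nonce+blob.
    nonce = secrets.token_bytes(16)
    pad = hmac.new(kek, b"wrap" + nonce, hashlib.sha256).digest()
    blob = bytes(a ^ b for a, b in zip(dek, pad))
    tag = hmac.new(kek, b"tag" + nonce + blob, hashlib.sha256).hexdigest()
    return {"nonce": nonce.hex(), "blob": blob.hex(), "tag": tag}

def unwrap_key(kek: bytes, w: dict) -> bytes:
    nonce, blob = bytes.fromhex(w["nonce"]), bytes.fromhex(w["blob"])
    tag = hmac.new(kek, b"tag" + nonce + blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, w["tag"]):
        raise ValueError("wrong key or tampered wrapped key")
    pad = hmac.new(kek, b"wrap" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob, pad))

def _canon(obj: dict) -> bytes:
    return json.dumps(obj, sort_keys=True).encode()

def issue_court_order(court_key: bytes, doc_id: str, grantee: str) -> dict:
    # Court credential: one grantee, one document. HMAC stands in for the court's signature.
    claim = {"doc": doc_id, "grantee": grantee}
    return {"claim": claim, "sig": hmac.new(court_key, _canon(claim), hashlib.sha256).hexdigest()}

def escrow_unwrap(gov_kek, court_key, order, doc_id, wrapped, ledger) -> bytes:
    # Government path: refuse without a court order for *this* document; log every use.
    expect = hmac.new(court_key, _canon(order["claim"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expect, order["sig"]) or order["claim"]["doc"] != doc_id:
        raise PermissionError("no valid court order for this document")
    prev = ledger[-1]["hash"] if ledger else "0" * 64
    entry = {"doc": doc_id, "grantee": order["claim"]["grantee"], "prev": prev}
    ledger.append({**entry, "hash": hashlib.sha256(_canon(entry)).hexdigest()})
    return unwrap_key(gov_kek, wrapped)

def ledger_is_intact(ledger) -> bool:
    # Hash chain: an altered or removed access record breaks the chain and is detectable.
    prev = "0" * 64
    for e in ledger:
        body = {k: v for k, v in e.items() if k != "hash"}
        if body["prev"] != prev or hashlib.sha256(_canon(body)).hexdigest() != e["hash"]:
            return False
        prev = e["hash"]
    return True
```

The user's own unwrap leaves no ledger entry, while every government unwrap does, which is the accountability property the reply argues for; the chain shows tampering with recorded entries but not that the ledger was never written in the first place.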