On 10/21/12 5:17 PM, Dick Hardt wrote:
> On Oct 21, 2012, at 9:32 AM, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>
>> On 10/18/12 3:29 PM, Ben Laurie wrote:
>>> I really feel like I am beating a dead horse at this point, but
>>> perhaps you'll eventually admit it. Your public key links you. Access
>>> control on the rest of the information is irrelevant. Indeed, access
>>> control on the public key is irrelevant, since you must reveal it when
>>> you use the client cert. Incidentally, to observers as well as the
>>> server you connect to.
>>>
>> A public key links to a private key.
> A public key or private key *is* an identifier.
And together they make a composite key, an identifier.
> If there is a 1:1 mapping of public/private key pair to a user, and if the key pair is used at more than one place, then those places know it is the same user and the activities at each of those places are linked.
Yes, but I am not in any way espousing the fact that the "user" is a known
entity as per your assumptions. The subject of an X.509 certificate is
who, whom, or what?
At best you can say there is an entity that is the subject of the graph
represented and imprinted to an X.509 certificate.
>
>> You are the one being utterly obstinate here.
> Not true … and I don't think that was a productive comment.
>
>> I encourage you to make your point with clear examples so that others can juxtapose your views and ours.
> Perhaps my explanation above makes the point clear to you.
Yes, but only to the point it clarifies we have strongly differing views
about "user" . In many houses today you have a single device used by
many nebulous entities. How do you pin down the activities of a specific
entity associated with some composite of: public key, private key, URI
in SAN, etc.? It isn't so easy.
Ultimately, the fact that we think in terms of "sites" and flawed
fingerprints remains part of the problem in this conversation.
Personally, we will be more constructive working with actual examples.
So far, Ben hasn't produced a single example for which I haven't
provided a clear response re. the use of structured data and logic to
surmount those problems.
Also note, when Henry mentioned Tor, he received the usual response. All
of a sudden Tor by implication meant the subject was of dubious nature
even though the baseline was supposedly about no fingerprints
whatsoever, even at the packet routing level.
>
> -- Dick
>
>
--
Regards,
Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
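
The linkage debated in this thread can be checked with OpenSSL. The following is an added example, not part of the original message: it issues two self-signed certificates with different subjects over one key pair, then two over separate key pairs, and compares SubjectPublicKeyInfo (SPKI) fingerprints. All file names and subject names are constructed.

```shell
#!/usr/bin/env bash
# Added example: does reusing one key pair in several client certificates
# let relying parties match them? All names below are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# new_key <key>: generate a P-256 private key
new_key() {
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
    -out "$WORK/$1.key" 2>/dev/null
}

# new_cert <key> <cert> <CN>: self-signed certificate over an existing key
new_cert() {
  openssl req -x509 -new -key "$WORK/$1.key" -subj "/CN=$3" -days 1 \
    -out "$WORK/$2.pem" 2>/dev/null
}

# spki_fp <cert>: SHA-256 of the DER-encoded SubjectPublicKeyInfo
spki_fp() {
  openssl x509 -in "$WORK/$1.pem" -noout -pubkey |
    openssl pkey -pubin -outform DER | sha256sum | cut -d' ' -f1
}

# cert_fp <cert>: SHA-256 of the whole DER-encoded certificate
cert_fp() {
  openssl x509 -in "$WORK/$1.pem" -outform DER | sha256sum | cut -d' ' -f1
}

# Case 1: one key pair, two certificates with unrelated subjects.
new_key shared
new_cert shared site_a "persona-a.example"
new_cert shared site_b "persona-b.example"

# Case 2: a separate key pair per relying party.
new_key k1; new_cert k1 pair_a "persona-a.example"
new_key k2; new_cert k2 pair_b "persona-b.example"

# The certificates differ in case 1, yet the SPKI fingerprint is identical.
# A match links the key, which is not necessarily a single person.
echo "shared key   A: $(spki_fp site_a)"
echo "shared key   B: $(spki_fp site_b)"
echo "per-site key A: $(spki_fp pair_a)"
echo "per-site key B: $(spki_fp pair_b)"
```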