Re: Interledger and Privacy from Evan Schwartz on 2015-10-20 (public-interledger@w3.org from October 2015)

From: Evan Schwartz <evan@ripple.com>
Date: Tue, 20 Oct 2015 09:07:32 -0700
To: public-interledger@w3.org
Message-ID: <562666C4.7040709@ripple.com>
I would definitely argue for having a multitude of different types of
connectors. Diversity would contribute a lot to the competitiveness and
robustness of the system.

We do need ways to keep track of and rate the performance of connectors.
Exactly how to do this could be a major topic for this group to discuss.
If people access ILP through their financial institution, the FI might
track and select connectors and paths. If ledgers and connectors expose
APIs that people can use directly (or through some client software) the
data on different connectors would need to be tracked in a way that's
more publicly accessible.

An important note on connectors and escrow. Is it the /ledger/, not the
connector that is responsible for escrowing funds. Connectors are not
trusted and we use escrow specifically to protect the sender from
malicious connectors. We assume that each ledger is trustworthy enough
to hold funds in escrow, as each participant in a payment already trusts
their ledgers to track their balances for them. You always bear some
risk when you choose to hold funds in an account on a ledger, and those
risks will vary from ledger to ledger, but you get to choose your ledger.

If we're talking about what kind of identity systems are needed for ILP
to work, I think we need to separate discovery from authentication and
authorization. Discovery (how the sender finds where the recipient would
like to be paid) /may /be part of our discussions but it is arguably
outside the scope of ILP itself. I think ILP should assume that the
sender already knows where the recipient would like to be paid.

Regarding authentication and authorization, that is up to the ledgers.
Trying to standardize security measures across different ledgers seems
somewhat hopeless to me. The requirements for banks, cryptocurrencies,
and other types of ledgers will always be different and they will always
use different mechanisms for identifying their account holders. Some
ledgers will use multi-factor authentication, others won't. Security,
however, will definitely play a part in how users select the ledgers
they want to hold balances on.

Keep the questions and ideas coming everyone!

On 10/20/15 8:29 AM, Arie Yehuda Levy Cohen wrote:
> Good point Dave; I wonder what everyone thinks about that?
>
> Also, and riding on your initiative to start a discussion via this
> channel (which is the idea), here are some thoughts/questions to add
> to the discussion;
>
>  1. how do we vet "trust" of the connectors?
>  2. in a world of risk mitigation and systemic risk exposure, would it
>     be safe to say that having different types of connectors is wise?
>       * ie; banks in all jurisdictions
>           * wire houses v regional
>           * commercial v IB's
>       * cpa's, accountants
>       * lawyers/barristers
>  3. would there be a need to rate these connectors or give them a
>     "score" akin to rating agencies?
>       * on speed / response time?
>       * proactivity and accountability?
>       * crypto escrow insurance?
>  4. given the connector ultimately holds the money for however long in
>     "escrow":
>       * is there counterparty risk relative to where the escrow money
>         sits (call it escrow risk??)?
>       * could central banks play a role here?
>       * IMF / BIS?
>  5. in the case of Identity being critical, would there not be a
>     strong case for Security?
>       * dynamic keys?
>       * 3FFA?
>
>
> --
>
> Heritage & Legacy Advisory | Multi-Generational Wealth Preservation
>  
> ARIE Y. LEVY-COHEN
> FINANCIAL ADVISOR | INTERNATIONAL CLIENT ADVISOR
> PRIVATE WEALTH MANAGEMENT | NEW YORK
> ECONOMICS | FINANCE | BLOCKCHAIN TECH
> P: 917.692.6999
>
> On Tue, Oct 20, 2015 at 11:17 AM, Dave Longley
> <dlongley@digitalbazaar.com <mailto:dlongley@digitalbazaar.com>> wrote:
>
>     All,
>
>     I asked a question during the interledger presentation inquiring about
>     what information is leaked about senders/recipients to connectors. The
>     question was answered from the perspective of an "altruistic"
>     connector,
>     essentially that connectors don't need to know all that much so
>     they'll
>     only use whatever is necessary to help complete a payment.
>
>     However, I was thinking more of rational or byzantine connectors. Is
>     there anything in the protocol to discourage entities from creating
>     connectors that provide cheap paths to complete payments -- so
>     that they
>     can, for instance, track (and potentially sell) sender or recipient
>     behavior? Is there anything in the protocol to help protect privacy?
>
>     While it appears that the protocol does a lot to guard against
>     adversaries that seek to attack the payments themselves, but what
>     about
>     other attacks or "abuse" of meta-data? By introducing third parties
>     (connectors) into the payments process, there may be other undesirable
>     behaviors that aren't directly related to payments that need to be
>     mitigated.
>
>
>     -- 
>     Dave Longley
>     CTO
>     Digital Bazaar, Inc.
>     http://digitalbazaar.com
>
>
Received on Tuesday, 20 October 2015 16:08:30 UTC