- From: David Chadwick <d.w.chadwick@kent.ac.uk>
- Date: Mon, 22 Oct 2012 18:41:40 +0100
- To: Ben Laurie <ben@links.org>
- CC: Ben Laurie <benl@google.com>, "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org" <public-privacy@w3.org>, "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>, "public-webid@w3.org" <public-webid@w3.org>
On 22/10/2012 17:58, Ben Laurie wrote: > On Thu, Oct 18, 2012 at 8:18 PM, David Chadwick <d.w.chadwick@kent.ac.uk> wrote: >> Hi Ben >> >> I disagree. It depends upon your risk assessment. Your stand is like saying >> TLS should be the substrate, not http. > > Not at all. You can add security to an insecure connection. You cannot > add anonymity to an identified session. Once you have a session you have linkability. So if you want unlinkability there can be no concept of a session, which by its very nature, links a series of messages together. So when you want anonymity you switch from your existing session to using TOR or some other privacy protecting mechanism. regards David My stand is, in fact, like > saying that TCP should be the substrate, not TLS. > >> There are two alternative viewpoints. >> You can either start with the lowest security/privacy and add to it, or make >> the highest security/privacy the default and then take from it. So you >> should not necessarily mandate that U-Prove/Idemix are the default tokens, >> but rather only require them if your risk assessment says privacy protection >> is essential >> >> regards >> >> David >> >> >> On 18/10/2012 16:34, Ben Laurie wrote: >>> >>> On 9 October 2012 14:19, Henry Story <henry.story@bblfish.net> wrote: >>>> >>>> Still in my conversations I have found that many people in security >>>> spaces >>>> just don't seem to be able to put the issues in context, and can get >>>> sidetracked >>>> into not wanting any linkability at all. Not sure how to fix that. >>> >>> >>> You persist in missing the point, which is why you can't fix it. The >>> point is that we want unlinkability to be possible. Protocols that do >>> not permit it or make it difficult are problematic. I have certainly >>> never said that you should always be unlinked, that would be stupid >>> (in fact, I once wrote a paper about how unpleasant it would be). >>> >>> As I once wrote, anonymity should be the substrate. Once you have >>> that, you can the build on it to be linked when you choose to be, and >>> not linked when you choose not to be. If it is not the substrate, then >>> you do not have this choice. >>> >> _______________________________________________ >> saag mailing list >> saag@ietf.org >> https://www.ietf.org/mailman/listinfo/saag >
Received on Monday, 22 October 2012 17:42:14 UTC