
Re: [saag] Liking Linkability

From: David Chadwick <d.w.chadwick@kent.ac.uk>
Date: Mon, 22 Oct 2012 18:41:40 +0100
Message-ID: <50858554.1070103@kent.ac.uk>
To: Ben Laurie <ben@links.org>
CC: Ben Laurie <benl@google.com>, "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org" <public-privacy@w3.org>, "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>, "public-webid@w3.org" <public-webid@w3.org>

On 22/10/2012 17:58, Ben Laurie wrote:
> On Thu, Oct 18, 2012 at 8:18 PM, David Chadwick <d.w.chadwick@kent.ac.uk> wrote:
>> Hi Ben
>> I disagree. It depends upon your risk assessment. Your stand is like saying
>> TLS should be the substrate, not http.
> Not at all. You can add security to an insecure connection. You cannot
> add anonymity to an identified session.

Once you have a session you have linkability.
So if you want unlinkability there can be no concept of a session, which,
by its very nature, links a series of messages together. So when you
want anonymity you switch from your existing session to using TOR or
some other privacy-protecting mechanism.

> My stand is, in fact, like
> saying that TCP should be the substrate, not TLS.
>> There are two alternative viewpoints.
>> You can either start with the lowest security/privacy and add to it, or make
>> the highest security/privacy the default and then take from it. So you
>> should not necessarily mandate that U-Prove/Idemix are the default tokens,
>> but rather only require them if your risk assessment says privacy protection
>> is essential
>> regards
>> David
>> On 18/10/2012 16:34, Ben Laurie wrote:
>>> On 9 October 2012 14:19, Henry Story <henry.story@bblfish.net> wrote:
>>>> Still in my conversations I have found that many people in security spaces
>>>> just don't seem to be able to put the issues in context, and can get sidetracked
>>>> into not wanting any linkability at all. Not sure how to fix that.
>>> You persist in missing the point, which is why you can't fix it. The
>>> point is that we want unlinkability to be possible. Protocols that do
>>> not permit it or make it difficult are problematic. I have certainly
>>> never said that you should always be unlinked, that would be stupid
>>> (in fact, I once wrote a paper about how unpleasant it would be).
>>> As I once wrote, anonymity should be the substrate. Once you have
>>> that, you can then build on it to be linked when you choose to be, and
>>> not linked when you choose not to be. If it is not the substrate, then
>>> you do not have this choice.
Received on Monday, 22 October 2012 17:42:12 UTC
