- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Thu, 22 May 2014 13:23:05 -0400
- To: Peter Williams <home_pw@msn.com>
- CC: "public-webid@w3.org" <public-webid@w3.org>
- Message-ID: <537E3279.7030702@openlinksw.com>
On 5/22/14 12:00 PM, Peter Williams wrote: > remember two things - that perhaps dont gel with how you are > indoctrinated (if you grew up in the UK say, and reached 18 before the > internet took off.). > > 1. > in the US, there is NO expectation or privacy IF YOU USE THE > INTERNET. That is the official position. Ask Mr Lavabit. You can > add “sensitivity private” to your headers all you like, you can > add a footer saying “private and conditional, attorney privilege”; > it makes no difference (contrary to what you might believe). The > only privacy comes when you make it so (because its hard to read..) > This is what I mean by "self calibration of one's vulnerability" i.e., you control the levers in regards to: 1. signature 2. encryption (be it asymmetric or symmetric [here the "shared secret" is encrypted using your Public Key in Encryption At Rest (EAR) scenarios using AES] ) 3. access to resources you share via the Web or Internet -- agents accessing your protected resource don't need to be equipped (by default) with any particular information about your ACLs or Data Access policy algorithms (you control that by making up whatever policy works for you). > 1. > Collect it all, is the phrase to remember. What don’t you get, > yet, about ‘collect it ALL??!!??” (to use an Americanism.) All > means ALL (including whatever your mic is picking up, en les > environs, and your “proxmity association” with other devices in > sound range [ about 100m, for a modern phone)). > Yes, you have to assume everything is collected because its sort of cheaper (in a retarded way, at tax payer expense) to do it that way. > > the rationale is quite simple: who knows - when tracing back four > years later through having figured that you were happenstance near Mr > Foo - four year ago - now a terrorist suspected of planning a demo > against animal cruelty - the mic MIGHT have picked up the original > plot details, the co-conspirators, etc etc. Yep! > > Dont be tempted to talk about Arab Springs, or low cost twittering > devices that faciliate web revolutions that free folk from the local > dictator. That was as bogus a technique for technology saving freedoms > as was PGP saving the Soviet Refusniks (an invented evil and > solution, used to selling PGP to Americans). > > Now, what we can do with linked-data trust models is augment the > public/enterprise/cloud space; with an overlay. that is the trust and > assurance that comes with good governance is a [assurance] bootstrap - > for the overlay that then expresses mutual understandings on a small > scale. > > The purpose of NOT going against the tide is that the tide GIVES > distributed models what they lack - a trusted bootstrap. Yes! > Put technically, you use the public channels of SSL (wehre there > is “zero expectation of privacy”, say, to boot up the next SSL tunnel > - which is NOT build according to the “governance model”. > > This is what we did with SSL, years ago. We allowed the whole CA > hierarchy to come into being, allowed NSA to infiltrate VeriSign upper > management (easy enough… just offer $$$), IN ORDER THAT there was easy > plumbing for self-signed certs that its trivial to configure - on > consumer-grade [prpducts (phones, routers bought in the supermarket). > Back then, this was as much as we could get through the “crypto > politics” , allowing public trust and personal trust to intermingle. Enabling URIs in the SAN slot of a certificate was the key to everything. That ensured the future of webby PKI. > > Now, I feel, with self-signed client certs, linked through json-ld, we > get to go further. Yes, but do remember: 1. json-ld -- is for web developers 2. turtle -- is for everyone. Thus, the goal is for everyone to be able to represent their worldview using compact digital sentences. For instance, I can pack Turtle into a tweet which turns a tweet into a Linked Data launchpad for follow-your-nose exploration (by human or machine). Basically, I refer to this as "Nanotation" . > > The key is NOT to annoy the “authorities” but work with them > (understand that now we all know thats its a “collect it all” > atmostsphere;. Of course, folks HERE knew that ALL along (where else > did the research funds for all this… come from; lets be honest)). one > goes out tpo find a new level of public/private partnership; using the > overlay concept set - understand that private means “cipher it” vs > expect some rights. Of course, ciphering it doesnt means folks dont > have easy access to your commodity phone/router to explouit it, or the > inbility in 5 years to decrypt it by cryptanlaysis, having “collected > it all, including the ciphertext). > > But, we WOULD have moved forward…. an inch. Yes. Kingsley . > > > Sent from Surface Pro > > *From:* Melvin Carvalho <mailto:melvincarvalho@gmail.com> > *Sent:* Thursday, May 22, 2014 8:07 AM > *To:* Anders Rundgren <mailto:anders.rundgren.net@gmail.com> > *Cc:* Kingsley Idehen <mailto:kidehen@openlinksw.com>, > public-webid@w3.org <mailto:public-webid@w3.org>, peter Msn > <mailto:home_pw@msn.com> > > > > > On 22 May 2014 14:55, Anders Rundgren <anders.rundgren.net@gmail.com > <mailto:anders.rundgren.net@gmail.com>> wrote: > > On 2014-05-22 13:03, Kingsley Idehen wrote: > > On 5/22/14 12:55 AM, Anders Rundgren wrote: > > > Statements like "take full control of your online (Web and > Internet) > Identity" may sound cool but has essentially no value > since just about > all service providers have their own "identity system" > which you > either accept or reject. The latter means you won't be > able to use > their services. Calling this "take full control" is IMO > quite a stretch. > > > You have full control of your (Web and Internet) Identity when the > following hold true: > > 1. You control the Identifiers that denote You > 2. You control the Identity Cards that Describe You > 3. You control the location of Identity Cards that Describe You > 4. You control the Signature used to verify You > 5. You control the control how Data is encoded for You > 6. You control the ACL and Access policies for accessing stuff > created > by You > 6. You can achieve all of the above from any platform You choose. > > > Of course! What I'm (indirectly) saying is that this doesn't apply to > - Government IDs > - Enterprises using AD > - Banks > because in those cases you are *assigned* an identity and what is > behind that is > completely out of your control. Your only option is not using the > services. > > > But the web as a publishing platform allows you to annotate that ID > however you want. Especially if all parties agree, at least in > principle, that it belongs to you. > > > > > Look, the architecture of the World Wide Web wasn't built for any > particular industry. It was built to empower You! > > > IMO, the web is just a network and can in similarity with most other > technology be used in good and bad ways. > > I regard "the distributed social web" as a positive development but I > also have severe problems with the proponents' lack of interest in > traditional uses since this is how Microsoft managed achieving a ZERO > market-share for their take on authentication in the consumer space. > Pragmatism you know :-) > > > > I notice you still don't send signed emails, why? I don't > believe that > has anything to do with a particular industry, or does it? :-) > > > Well, I have actually been involved in this discussion since > around Y2000 > but I don't want to go over this here... > > Anders > > > > > -- Regards, Kingsley Idehen Founder & CEO OpenLink Software Company Web: http://www.openlinksw.com Personal Weblog: http://www.openlinksw.com/blog/~kidehen Twitter Profile: https://twitter.com/kidehen Google+ Profile: https://plus.google.com/+KingsleyIdehen/about LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Thursday, 22 May 2014 17:23:28 UTC