On Wed, Oct 4, 2017 at 7:57 AM, Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote: > On Fri, Sep 29, 2017 at 2:31 PM, Stephen Farrell <stephen.farrell@xxxxxxxxx> > wrote: >> >> >> As currently described, I oppose creation of this working >> group on the basis that it enables and seemingly encourages >> embedding identifiers for humans as addresses. Doing so >> would have significant privacy downsides, would enable >> new methods for censorship and discrimination, and could >> be very hard to mitigate should one wish to help protect >> people's privacy, as I think is current IETF policy. >> >> If the work precluded the use of any identifiers that >> strongly map to humans then I'd be ok with it being done >> as it'd then only be a waste of resources. But I don't >> know how that could be enforced so I think it'd be better >> to just not do this work at all. >> >> S. > > > +1 > > I know how to restrict the work to 'meaningless' identifiers, require that > the identifiers be the output of a cryptographic algorithm. > > Now strictly speaking, this only limits scope to identifiers that are > indexical as opposed to rendering them meaningless but I think that was the > sense of it. > > > Nöth proposed a trichotemy of identifiers as follows > > * Identity, the signifier is the signified (e.g. data: URI) > > * Indexical, the signifier is related to the signified by a systematic > relationship, (e.g. ni URIs, SHA256Data), PGP fingerprints etc.) > > * Names, the signifier is the related to the signified by a purely > conventional relationship, (e.g. example.com to its owner) > > > There is a big difference between attempting to manage indexical signifiers > and names. Especially when the people trying to do so refuse to read any of > the literature on semiotics. > > Names are problematic because the only way that a conventional relationship > can be implemented is through some sort of registration infrastructure and > we already have one of those and the industry that manages it has a > marketcap in the tens of billions. > > Identifiers do lead to tractable solutions. But, this proposal looks a bit > unfocused for IRTF consideration, an IETF WG? Really? > Identifiers are equivalent to addresses in that they indicate a node in the network for the purposes of end to end communications. The only difference between identifiers and addresses is that identifiers are not topological. Virtual addresses in network virtualization are also identifiers. So the security properties are the same when considering privacy. For instance, if applications use temporary addresses for privacy, it would have equivalent properties using temporary identifiers. In fact from the application POV this would be transparent. It could get a pool of apparently random addresses to choose from as source of communication, it shouldn't know or even care if the addresses are identifiers. Identity is a completely separate concept from identifiers. Is not required in any of the identifier/locator protocols and AFAIK none of them even mention the term. There is no association of an identity of user behind and identifier any more than there is an association of identity behind IP address. The fact that the words "identifier" and "identity" share a common prefix is an unfortunate happenstance :-). Tom