On Wednesday, 4 October 2017, Tom Herbert wrote:

> On Wed, Oct 4, 2017 at 7:57 AM, Phillip Hallam-Baker
> <phill@xxxxxxxxxxxxxxx> wrote:
> > On Fri, Sep 29, 2017 at 2:31 PM, Stephen Farrell <stephen.farrell@xxxxxxxxx>
> > wrote:
> >>
> >>
> >> As currently described, I oppose creation of this working
> >> group on the basis that it enables and seemingly encourages
> >> embedding identifiers for humans as addresses. Doing so
> >> would have significant privacy downsides, would enable
> >> new methods for censorship and discrimination, and could
> >> be very hard to mitigate should one wish to help protect
> >> people's privacy, as I think is current IETF policy.
> >>
> >> If the work precluded the use of any identifiers that
> >> strongly map to humans then I'd be ok with it being done
> >> as it'd then only be a waste of resources. But I don't
> >> know how that could be enforced so I think it'd be better
> >> to just not do this work at all.
> >>
> >> S.
> >
> >
> > +1
> >
> > I know how to restrict the work to 'meaningless' identifiers, require that
> > the identifiers be the output of a cryptographic algorithm.
> >
> > Now strictly speaking, this only limits scope to identifiers that are
> > indexical as opposed to rendering them meaningless but I think that was the
> > sense of it.
> >
> >
> > Nöth proposed a trichotomy of identifiers as follows
> >
> > * Identity, the signifier is the signified (e.g. data: URI)
> >
> > * Indexical, the signifier is related to the signified by a systematic
> > relationship, (e.g. ni URIs, SHA256Data, PGP fingerprints etc.)
> >
> > * Names, the signifier is related to the signified by a purely
> > conventional relationship, (e.g. example.com to its owner)
> >
> >
> > There is a big difference between attempting to manage indexical signifiers
> > and names. Especially when the people trying to do so refuse to read any of
> > the literature on semiotics.
> >
> > Names are problematic because the only way that a conventional relationship
> > can be implemented is through some sort of registration infrastructure and
> > we already have one of those and the industry that manages it has a
> > marketcap in the tens of billions.
> >
> > Identifiers do lead to tractable solutions. But, this proposal looks a bit
> > unfocused for IRTF consideration, an IETF WG? Really?
> >
> Identifiers are equivalent to addresses in that they indicate a node
> in the network for the purposes of end to end communications. The only
> difference between identifiers and addresses is that identifiers are
> not topological. Virtual addresses in network virtualization are also
> identifiers. So the security properties are the same when considering
> privacy. For instance, if applications use temporary addresses for
> privacy, it would have equivalent properties using temporary
> identifiers. In fact from the application POV this would be
> transparent. It could get a pool of apparently random addresses to
> choose from as source of communication, it shouldn't know or even care
> if the addresses are identifiers.
>
> Identity is a completely separate concept from identifiers. Is not
> required in any of the identifier/locator protocols and AFAIK none of
> them even mention the term. There is no association of an identity of
> user behind an identifier any more than there is an association of
> identity behind IP address. The fact that the words "identifier" and
> "identity" share a common prefix is an unfortunate happenstance :-).

Yes. But doesn't that mean either the name of this effort is wildly misleading or else the effort is hugely problematic from a privacy POV?

Either way, istm this ought not proceed.

S.

>
> Tom
>