Re: [TLS] Suggestion for Transport Layer Security (tls)

[Dean Anderson <dean at av8.com>]

Tor project isn't true anonymity.  It just increases the set of 
adminstrative domains that are necessary to identify the endpoint.

I don't think Tim wants to be able to access a web server anonymously,
as any open proxy enables that.  He wants (I think) to assure the web
app client's customers that they are anonymous, as in an electronic
voting system.  I think he want's to say (essentially) something like:  
"The vote you cast is anonymous, because we do not share the IP address
with the people collecting the votes."  This is something a service
provider could do, for example, to allow companies like ARIN to have
anonymous and verifiable voting in corporate elections.

I don't think the problems of anonymity and security are solved. There
have indeed been ecash systems, but those weren't truly anonymous---just
offline versions of online systems.  Cash is (supposed to be)  truly
anonymous. People pay for drugs and illegal weapons in cash and diamonds
for a reason: anonymity and security. Cash has to be both anonymous and
secure (hard/impossible to forge).  There are no electronic cash systems
that have this property.  All systems I know of so far are merely
electronic payment systems, all roughly equivalent to a credit/debit
card in anonymity.  Payments can be done offline sometimes, but its
always possible to identify the parties later. 

Open web proxies appear to be just a means of abuse. Open web proxies
are distinct from open smtp relays which do not offer anonymity at all.  
There seems to be very little legitimacy to open web proxies, though
recently I noticed that they can help show that google ads are location
dependent, and enable one to view the ads being shown to a particular
geography.  But, even systems like Tor that attempt to offer a
legitimized anonymity are vulnerable to abuse.

But anonymity in cash is a tougher sell. Cash has historically had the
property of anonymity because of its nature as a unforgeable or
difficult to forge token of value that can be exchanged with anyone. But
its hard to think of a really compelling social reason to maintain the
property of anonymity in payments.

Anyway, given the proper credentials, most administrative domains can be
accessed. For example, a couple years ago most of New England lost
power. For day or so, it was suspected that this was due to a computer
virus released about the same time. It turned out the power disruption
had nothing to do with the virus, whose release was just coincidental.
However, the FBI had no trouble finding the 14 year-old who released the
virus when it was thought the power grid was at stake.  Script kiddies
are usually not really anonymous; its just that those of us not in law
enforcement (and sometimes even those who are) don't have the
credentials to access all the administrative domains necessary to obtain
the identity. But, do something bad enough, and the identity information
can be retrieved.

Well-known services like Tor, that may try to offer a service with no
logs (I don't know that Tor does that--I didn't see anything explicitly
promise that)--but supposing a service that did attempt that, would
probably just be subject to more law enforcement attention and
surveilance through CALEA, NSA, etc, and other similar LEA and national
agencies in other countries--so the logs may still exist even when the
operators are actually _trying_ to prevent that.  There is probably a
pretty good reason that while Al-quaeda is allowed to run web sites,
Osama Bin Laden never participates online.

But TLS doesn't enhance anonymity at all and doesn't try, since the
private key is a form of identification. Even when 'anonymous
certificates' are used on a per-session basis, translating the IP
address to something physical (like what pair of wrists to slap cuffs
on), is often just a matter of appropriate administrative access.

		--Dean



On Thu, 28 May 2009 Jeremey.Barrett at nokia.com wrote:

> On 5/28/09 11:40 AM, "ext Dean Anderson" <dean at av8.com> wrote:
> 
> > 
> > Genuine anonymity is hard to ever truly achieve in the internet or
> > electronically, and there are really just administrative limitations on
> > who knows or has access to the identity of the endpoints. Security in
> > TLS is based on proving knowledge of a private key in a public/private
> > key pair, which is a kind of identification.  Secure, genuine anonymity
> > and electronic cash (as distinct from traceable electronic payments) are
> > closely related problems, I think.  Solve either, and you'll be rich...
> 
> Actually, you'll have to solve both. :) (buying anonymity with traceable
> payments, not so good)
> 
> Kidding aside, both of these problems have been largely solved, in the sense
> that we know how to do them, people have implemented things, companies have
> been formed, and everyone lost a bunch of money.
> 
> Anonymity is a tough sell, and in many cases, not even a good idea (or at
> least very poorly defined).
> 
> Tim, have a look at Tor: http://www.torproject.org/
> 
> Jeremey.
> 
> 
> 

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000