W3C home > Mailing lists > Public > public-credentials@w3.org > November 2015

Re: Solutions to the NASCAR problem?

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Mon, 23 Nov 2015 13:00:20 +0100
To: David Chadwick <d.w.chadwick@kent.ac.uk>, public-credentials@w3.org
Message-ID: <5652FFD4.4070109@gmail.com>
On 2015-11-23 10:51, David Chadwick wrote:
snip>
> On 23/11/2015 05:40, Anders Rundgren wrote:
>> Pardon me for being unclear.  I understand the concept on this level,
>> I was only curious about the user processes needed for this to work.
>>
>> Anyway, I have considerable faith in the augmented key model where
>> issuer-defined attributes are used to enhance a key's usage.
>>
>> The "only" problem is how to deal with such keys on the Web without
>> creating [close to] unresolvable privacy, usability, or security problems.
>
> You are correct that there are some privacy issues, but I do not believe
> they are that big if everyone plays by the rules. If they do not, then
> there can never be any privacy guarantees as Edward has kindly revealed.

Agreed.  I was actually referring to "my model" where key metadata plays a
major role.  A scaled-down version of this can be found in this one-page doc:
http://webpki.org/papers/decentralized-payments.pdf
The certificate could surely be replaced by an account-ID, but I'm old-school you know :-)


> Usability is always hard to get right, but we have experimented with a
> GUI for over a year and think it is intuitive and easy to use.

*This* is the thing I'm Interested in.  How is the consumer key sent to
the issuer from a user perspective?


> I am not aware of any additional security issues with this scheme that
> are not always present when users and technology are involved.

You're probably right :-)

Regards
Anders
>
> regards
>
> David
>>
>> Regards
>> Anders
>>
>>>
>>> regards
>>>
>>> David
>>>>
>>>> Anders
>>>>
>>
>>
Received on Monday, 23 November 2015 12:00:59 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:26 UTC