W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2012

Re: [saag] Liking Linkability

From: Ben Laurie <ben@links.org>
Date: Sun, 21 Oct 2012 11:18:42 +0100
Message-ID: <CAG5KPzwA3iieK3NTCNBw4cxQtfBYnnU6zmM4s0DiPS8_OXR7=g@mail.gmail.com>
To: Mo McRoberts <Mo.McRoberts@bbc.co.uk>
Cc: Henry Story <henry.story@bblfish.net>, Mouse <mouse@rodents-montreal.org>, "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>
On Sun, Oct 21, 2012 at 9:24 AM, Mo McRoberts <Mo.McRoberts@bbc.co.uk> wrote:
>
> On 18 Oct 2012, at 20:29, Ben Laurie <ben@links.org> wrote:
>
>> I really feel like I am beating a dead horse at this point, but
>> perhaps you'll eventually admit it. Your public key links you. Access
>> control on the rest of the information is irrelevant. Indeed, access
>> control on the public key is irrelevant, since you must reveal it when
>> you use the client cert. Incidentally, to observers as well as the
>> server you connect to.
>
>
> Right, but that's the nature of a persistent identifier which is (surely) a prerequisite for auth  assuming one doesn't wish to remain anonymous and have some auth, you could hypothetically avoid the cross-domain linkability issue by having a key-per-site, which could be semi-automated on the client side.
>
> What I can't see is how you can maintain persistence on the server side without something which ultimately boils down to (or otherwise allows the storage of) a persistent identifier.

Obviously. I'm talking about linkability across sites.

>
> M.
>
> --
> Mo McRoberts - Technical Lead - The Space
> 0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
> Zone 1.08, BBC Scotland, Pacific Quay, Glasgow, G51 1DA
> Project Office: Room 7083, BBC Television Centre, London W12 7RJ
>
>
>
> -----------------------------
> http://www.bbc.co.uk
> This e-mail (and any attachments) is confidential and
> may contain personal views which are not the views of the BBC unless specifically stated.
> If you have received it in
> error, please delete it from your system.
> Do not use, copy or disclose the
> information in any way nor act in reliance on it and notify the sender
> immediately.
> Please note that the BBC monitors e-mails
> sent or received.
> Further communication will signify your consent to
> this.

Oh really? Further communication will signify your agreement to send me 10,000.
Received on Sunday, 21 October 2012 10:19:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 21 October 2012 10:19:11 GMT