- From: Herbert Snorrason <odin@anarchism.is>
- Date: Fri, 30 May 2014 14:45:50 +0000
- To: public-webpayments@w3.org
Received on Friday, 30 May 2014 14:46:20 UTC
On fös 30.maí 2014 14:25, Dave Longley wrote: > 3. If your browser can't yet obscure information about the relying party > from your Identity Provider, a trusted "login mixnet" can be provided to > intermediate communication between your Identity Provider and the > relying party in order to protect your privacy. An interesting notion, but what makes the mixnet trustworthy? You're already trusting downloaded code with identifying the identity provider. Why can't that also mediate between the IdP and RP? Security depends on IdP-provided signatures, not a direct conversation between the IdP and RP. With greetings, Herbert Snorrason
Received on Friday, 30 May 2014 14:46:20 UTC