Re: privacy considerations: can a nosy https: site probe user identity without explicit permission?

From: Jan Wildeboer <jan@wildeboer.net>
Date: Fri, 11 Feb 2011 14:50:00 +0100
Message-ID: <4D553E88.5030101@wildeboer.net>
To: Henry Story <henry.story@bblfish.net>
CC: Dan Brickley <danbri@danbri.org>, WebID XG <public-xg-webid@w3.org>, foaf-protocols@lists.foaf-project.org

On 02/11/2011 02:26 PM, Henry Story wrote:

> There is I think a bug in Safari (at least on OSX). If you send a certificate once to a site, Safari will always send it. Test it and file a bug report if it's still there. That is a security issue I reported, but I am not sure how responsive they are.

Is that a bug? IMHO it would be extremely annoying if I open my laptop 
and all 23 open tabs start yelling at me which cert to use.

Compare it to the geolocation option. Typically the first time you visit 
a website the browser will ask if it is OK to share current location:

- Only once (prompt every time)
- Always for this domain
- Never for this domain

Now thinking ahead, would it be an option to have a list of approved 
domains right in the RDF file that is referenced in the cert? That way 
the user is in control, regardless.

I haven't thought it through completely yet, but IMHO a popup each and 
every time is annoying and will not work.

Jan
Received on Friday, 11 February 2011 13:50:32 UTC