- From: John C Klensin <john-ietf@jck.com>
- Date: Sun, 09 Jan 2011 13:22:04 -0500
- To: Marsh Ray <marsh@extendedsubset.com>
- cc: apps-discuss@ietf.org, "Roy T. Fielding" <fielding@gbiv.com>, websec <websec@ietf.org>, Robert Sayre <sayrer@gmail.com>, kitten@ietf.org, http-auth@ietf.org, saag@ietf.org, Ben Laurie <benl@google.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
--On Saturday, January 08, 2011 15:32 -0600 Marsh Ray <marsh@extendedsubset.com> wrote: > On 01/08/2011 10:07 AM, Phillip Hallam-Baker wrote: >> I think that Ben is right that we are solving the wrong >> problem. > > I think Ben is nearly always right. :-) > > But let me toss out a different perspective. I'll try > carefully and hope that this doesn't come across as trolling, > but it is a bit contrarian (hopefully in a good way). >... Well, actually, I think this is constructive, useful, and rather nicely describes the other side of the problem. I would add that one important variation on "Person = Identity = Email address" has historically involved the use of subaddresses. Not only do they help considerably with mail management (pretty much their original purpose) but they provide an additional (weak but convenient) measure against email fraud and identify theft attempts (if I know that mail from my bank is going to be addressed to "john+12345@example.com" because that is the only address they have, then it is pretty clear where mail that supposedly comes from them but is addressed to "john+LargeRetailer@example.com" should be routed. Obviously, if an address that is used for only one vendor or correspondent gets into the hands of a spammer, it is lots easier to fix that problem as well. Address-per-correspondent also makes password-per-correspondent much easier too. Lots of web sites and providers have been really resistant to that approach. I had assumed before this that the problem was just stupidity, but parts of your comments could be expanded to lead to the inference that having me use more than one address is not in their interests. Whatever becomes of that tradeoff, the IETF should not, IMO, be doing things that encourage them in directions that reduce our privacy and ability to control our identities. >... > Which is why everyone just has one email address? Come on, > most people have several. And often they do so for a reason, > it's not just that people get new ISPs or switch for new > features all the time. I train my kids to lie about their > names and ages when they do stuff online. They don't have > emails. > > You don't have a personal email and a work email at least? >... exactly. with the emphasis on "at least" >... > Bad things happen when you force-fit the wrong model on to the > design. Security and privacy are always the first to go. > (Somewhere I saw the other day somebody seriously proposing > using Facebook as a centralized identity authority.) More > subtly, people find the system harder to use, and overall they > just don't like it or trust it as much. People won't use it, > or they'll use it and not like it, or they won't use it as > much, or they'll figure out a way to defeat it. Indeed. In all of the really significant cases, probably the latter. If I had a nickel for every sticky note with a password (sometimes slightly-disguised) stuck to a screen... But those notes are precisely a workaround for "you have to change your password frequently, you can't share passwords between systems, and we will insist by various means that you passwords are strong and that a given password is not obviously derivable from its predecessors" policies. >... john
Received on Sunday, 9 January 2011 18:22:42 UTC