- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Sun, 21 Oct 2012 09:28:50 +0200
- To: Ben Laurie <ben@links.org>
- CC: Henry Story <henry.story@bblfish.net>, Mouse <mouse@rodents-montreal.org>, "public-identity@w3.org" <public-identity@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>

On 2012-10-18 21:29, Ben Laurie wrote:
> On Thu, Oct 18, 2012 at 8:20 PM, Henry Story <henry.story@bblfish.net> wrote:
>> from any person that was not able to access the resources. But you would
>> be linkable by your friends. I think you want both. Linkability by those
>> authorized, unlinkability for those unauthorized. Hence linkability is not
>> just a negative.
>
> I really feel like I am beating a dead horse at this point, but
> perhaps you'll eventually admit it. Your public key links you. Access
> control on the rest of the information is irrelevant. Indeed, access
> control on the public key is irrelevant, since you must reveal it when
> you use the client cert. Incidentally, to observers as well as the
> server you connect to.
>

That's undeniable.

I'm still curious about the use-cases for non-linkable authentication.
The Austrian government spent a lot of money and time on creating
sector-specific IDs but I doubt they actually work in practice. Without
any kind of "call-back" info, what kind of service can you actually get?

There's probably more utility in systems vouching for non-personal
attributes like "Employee of Acme", "I'm over 18", etc.

Yes, InformationCards was a good idea! It was just poorly thought-out
since it didn't exploit the platform that already existed in the wild:
consumer PKI.

Anders

Received on Sunday, 21 October 2012 07:31:07 UTC