Re: WebID Todos

On 8 October 2012 11:28, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
>
>
> On 8 October 2012 11:36, Ben Laurie <benl@google.com> wrote:
>>
>> On 6 October 2012 08:48, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
>> > WebID is actually 2 specs.
>> >
>> > 1. The first part is authentication via your public key which is an IFP of
>> > your identity.  In certain circumstances (i.e. caching, just like
>> > ~/.ssh/authorized_keys) you can be done here and it operates like SSH.
>> >
>> > (1) I think solves the unlinkability problem
>>
>> How? Clearly the public key makes all authentications that use it
>> linkable.
>
>
> You're absolutely right.  We discussed this topic a bit more in the WebID CG
> group over the weekend.
>
> You'd have to either
>
> 1) Change key every time
> 2) Use a widely used shared key e.g. if we set one up at
> http://webid.info/#anonymous
>
> However, the easy option if you want anonymity (which I believe
> unlinkability is related to) is not to send a certificate at all.  This is
> much of the normal flow as you should only need to send the cert when
> logging in, and you can hit 'cancel' on all major browsers.

How do you log in, then? That is, how do I get linkability between
sessions at a particular site but not between sessions at different
sites?


>
> Or even easier use a different browser / different browser profile.

Received on Monday, 8 October 2012 11:34:49 UTC