W3C home > Mailing lists > Public > public-webid@w3.org > October 2012

Re: WEbID Todos

From: Ben Laurie <benl@google.com>
Date: Mon, 8 Oct 2012 12:34:18 +0100
Message-ID: <CABrd9SRKdOL6hBGKeKW4JS30HKX9+XqzRuYrtSAhKf9N9305nA@mail.gmail.com>
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: Henry Story <henry.story@bblfish.net>, "public-webid@w3.org" <public-webid@w3.org>
On 8 October 2012 11:28, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
>
>
> On 8 October 2012 11:36, Ben Laurie <benl@google.com> wrote:
>>
>> On 6 October 2012 08:48, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
>> > WebID is actually 2 specs.
>> >
>> > 1. The first part is authentication via your public key which is a IFP
>> > of
>> > your identity.  In certain circumstances (ie caching, just like
>> > ~/.ssh/authorized_keys ) you can be done here and it operates like SSH.
>> >
>> > (1) I think solves the unlinkability problem
>>
>> How? Clearly the public key makes all authentications that use it
>> linkable.
>
>
> You're absolutely right.  We discussed this topic a bit more in the WebID CG
> group over the weekend.
>
> You'd have to either
>
> 1) Change key every time
> 2) Use a widely used shared key e.g. if we set one up at
> http://webid.info/#anonymous
>
> However, the easy option if you want anonymity (which I believe
> unlinkability is related to) is not to send a certificate at all.  This is
> much of the normal flow as you should only need to send the cert when
> logging in, and you can hit 'cancel' on all major browsers.

How do you log in, then? That is, how do I get linkability between
sessions at a particular site but not between sessions at different
sites?


>
> Or even easier use a different browser / different browser profile.
Received on Monday, 8 October 2012 11:34:49 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:54:37 UTC