Re: [saag] Liking Linkability

On 18 Oct 2012, at 20:29, Ben Laurie <ben@links.org> wrote:

> I really feel like I am beating a dead horse at this point, but
> perhaps you'll eventually admit it. Your public key links you. Access
> control on the rest of the information is irrelevant. Indeed, access
> control on the public key is irrelevant, since you must reveal it when
> you use the client cert. Incidentally, to observers as well as the
> server you connect to.


Right, but that's the nature of a persistent identifier which is (surely) a prerequisite for auth — assuming one doesn't wish to remain anonymous and have some auth, you could hypothetically avoid the cross-domain linkability issue by having a key-per-site, which could be semi-automated on the client side.

What I can't see is how you can maintain persistence on the server side without something which ultimately boils down to (or otherwise allows the storage of) a persistent identifier.

M.

--
Mo McRoberts - Technical Lead - The Space
0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
Zone 1.08, BBC Scotland, Pacific Quay, Glasgow, G51 1DA
Project Office: Room 7083, BBC Television Centre, London W12 7RJ



-----------------------------
http://www.bbc.co.uk
This e-mail (and any attachments) is confidential and
may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in
error, please delete it from your system.
Do not use, copy or disclose the
information in any way nor act in reliance on it and notify the sender
immediately.
Please note that the BBC monitors e-mails
sent or received.
Further communication will signify your consent to
this.
-----------------------------

Received on Sunday, 21 October 2012 08:26:10 UTC