- From: Ben Laurie <ben@links.org>
- Date: Sun, 21 Oct 2012 11:18:42 +0100
- To: Mo McRoberts <Mo.McRoberts@bbc.co.uk>
- Cc: Henry Story <henry.story@bblfish.net>, Mouse <mouse@rodents-montreal.org>, "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>
On Sun, Oct 21, 2012 at 9:24 AM, Mo McRoberts <Mo.McRoberts@bbc.co.uk> wrote: > > On 18 Oct 2012, at 20:29, Ben Laurie <ben@links.org> wrote: > >> I really feel like I am beating a dead horse at this point, but >> perhaps you'll eventually admit it. Your public key links you. Access >> control on the rest of the information is irrelevant. Indeed, access >> control on the public key is irrelevant, since you must reveal it when >> you use the client cert. Incidentally, to observers as well as the >> server you connect to. > > > Right, but that's the nature of a persistent identifier which is (surely) a prerequisite for auth — assuming one doesn't wish to remain anonymous and have some auth, you could hypothetically avoid the cross-domain linkability issue by having a key-per-site, which could be semi-automated on the client side. > > What I can't see is how you can maintain persistence on the server side without something which ultimately boils down to (or otherwise allows the storage of) a persistent identifier. Obviously. I'm talking about linkability across sites. > > M. > > -- > Mo McRoberts - Technical Lead - The Space > 0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E, > Zone 1.08, BBC Scotland, Pacific Quay, Glasgow, G51 1DA > Project Office: Room 7083, BBC Television Centre, London W12 7RJ > > > > ----------------------------- > http://www.bbc.co.uk > This e-mail (and any attachments) is confidential and > may contain personal views which are not the views of the BBC unless specifically stated. > If you have received it in > error, please delete it from your system. > Do not use, copy or disclose the > information in any way nor act in reliance on it and notify the sender > immediately. > Please note that the BBC monitors e-mails > sent or received. > Further communication will signify your consent to > this. Oh really? Further communication will signify your agreement to send me £10,000.
Received on Sunday, 21 October 2012 10:19:14 UTC