Re: [foaf-protocols] privacy considerations: can a nosy https: site probe user identity without explicit permission?

On Fri, Feb 11, 2011 at 22:19, Henry Story <henry.story@bblfish.net> wrote:
>
> On 11 Feb 2011, at 14:50, Jan Wildeboer wrote:
>
>> On 02/11/2011 02:26 PM, Henry Story wrote:
>>
>>> There is I think a bug in Safari (at least on OSX). If you send a certificate once to a site, Safari will always send it. Test it and file a bug report if it's still there. That is a security issue I reported, but I am not sure how responsive they are.
>>
>> Is that a bug? IMHO it would be extremely annoying if I open my Laptop and all 23 open tabs start yelling at me which cert to use.
>>
>> Compare it to the geolocation option. Typically the first time you visit a website the browser will ask if it is OK to share current location
>>
>> - Only once (prompt everytime)
>> - Always for this domain
>> - Never for this domain
>
> Yes, but that has issues of its own. Imagine some user your browser while you are not looking, or you mistakenly click on one of the buttons you just described above whilst you are in a hurry, at a point where you don't have time to look into it further, so you go and forget. Next time you go to that site it can keep a much stronger identifier on you than you ever thought.
>

I believe this is very similar to the "logout" problem, and should be
solved in conjunction with that.
Please don't make it the classic "windows" workflow, where you have to
confirm several times that you are sure about what you just told the
browser to do ;-)

> The solution is just to show the user what certificate he is logged in under.
> In the URL bar the browser currently shows the server certificate. It should also show you in a similar what the short name in the DN of the certificate you are using in that session. By default you should be logged in as anonymous. All cookies should be tied to such a session, so that you can change identity and there be no cookie leakage.
>

I believe a browser should remember what certificate you choose last
for a certain website. This is important for the zero-click-sign-in
scenario. I agree the client certificate should be displayed in the
URL bar, and should be clickable to sign-out or change the
certificate.

> This is a point I have made a few times, so I think it should be a deliverable to write it up, as it keeps coming up again and again, and the solution is so simple. It comes under ISSUE-14.
>
>>
>> Now thinking ahead, would it be an option to have a list of approved domains right in the RDF file that is referenced in the cert? That way the user is in control, regardless.
>
> That would be the wrong place to put the control I believe. It should be visible to the user at all times.
>
>>
>> I haven't thought it through completely yet, but IMHO a popup each and every time is annoying and will not work.
>
> It is very annoying. But luckily there is no need for it at all.
>
> Henry
>
>>
>> Jan
>
> Social Web Architect
> http://bblfish.net/
>
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols@lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
>



-- 
远洋 / Daniël Bos

email  : corani@gmail.com
phone  : +31-318-711063 (Dutch) / +86-18-701330735 (Chinese)
weblog : http://blog.loadingdata.nl/
ostatus: corani@status.loadingdata.nl

Received on Friday, 11 February 2011 15:29:10 UTC