- From: Henry Story <henry.story@bblfish.net>
- Date: Mon, 18 Jul 2011 05:49:54 +0200
- To: Tom Scavo <trscavo@gmail.com>
- Cc: Ben Adida <ben@adida.net>, dev-identity@lists.mozilla.org, WebID XG <public-xg-webid@w3.org>
On 18 Jul 2011, at 03:46, Tom Scavo wrote: > On Sun, Jul 17, 2011 at 8:04 PM, Ben Adida <ben@adida.net> wrote: >> >> We're >> pursuing an experiment to see if our hunch – that web sites just want >> an email address – is right. > > Yes, and an interesting experiment it is, too. agree. > >> Private exchange of an email address is privacy- >> protecting. Exposing a public profile is not. Thus, the public profile >> should be the optional component. > > An e-mail address is not privacy preserving. It is a globally unique > identifier that is correlatable across relying parties. Thus your > conclusion does not hold. The identifier would have to be opaque and > per-RP for your argument to make sense. A lot of people don't want to get into spam registries. The privacy advantage of http URLs is that you can send e-mails using them. So one could argue that http URLs are more privacy enhancing :-) > >> Logging in does not require long-lasting keys. > > Agreed. A question on short keys - this is probably something I have not fully understood. But if the keys are short lived, don't you have to go back to your e-mail provider constantly to create new keys? If so is that not a Usability nuisance? Henry > > Tom > _______________________________________________ > dev-identity mailing list > dev-identity@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-identity Social Web Architect http://bblfish.net/
Received on Monday, 18 July 2011 03:50:25 UTC