Re: Browser ID, WebID & URLs

On 7/17/11 8:49 PM, Henry Story wrote:
> 
>> Yes, and an interesting experiment it is, too.
> 
> agree.

I'm glad you think so. We think it's important to keep it simple to see
where it goes.

And though I'm pessimistic about WebID, I'm glad you're experimenting
with it. I will gladly eat my words if you succeed.

> A lot of people don't want to get into spam registries. The privacy
> advantage of http URLs is that you can't send e-mails using them. So
> one could argue that http URLs are more privacy enhancing :-)

It's easy to create an email alias that goes to bitbucket, if we find
that that's an important use case. I doubt it, though.

I don't think we're going to agree on the privacy properties of HTTP
URLs that reveal information to anyone who asks, and that effectively
become logs of all login activity.

> A question on short keys - this is probably something I have not fully understood.
> But if the keys are short lived, don't you have to go back to your e-mail provider
> constantly to create new keys?

Indeed. But we are working on the protocol that will let a provider that
has already certified you re-certify you quietly. So when you log back
into your email provider, your cert is renewed automatically, in the
background.

> If so is that not a Usability nuisance?

I'm pretty sure we can make it fully transparent and yet fully
user-consented. But we've got some work left to do to get there.

-Ben

Received on Tuesday, 19 July 2011 02:22:40 UTC