- From: Ben Adida <ben@adida.net>
- Date: Mon, 18 Jul 2011 19:22:13 -0700
- To: Henry Story <henry.story@bblfish.net>
- CC: Tom Scavo <trscavo@gmail.com>, dev-identity@lists.mozilla.org, WebID XG <public-xg-webid@w3.org>
On 7/17/11 8:49 PM, Henry Story wrote: > >> Yes, and an interesting experiment it is, too. > > agree. I'm glad you think so. We think it's important to keep it simple to see where it goes. And though I'm pessimistic about WebID, I'm glad you're experimenting with it. I will gladly eat my words if you succeed. > A lot of people don't want to get into spam registries. The privacy > advantage of http URLs is that you can't send e-mails using them. So > one could argue that http URLs are more privacy enhancing :-) It's easy to create an email alias that goes to bitbucket, if we find that that's an important use case. I doubt it, though. I don't think we're going to agree on the privacy properties of HTTP URLs that reveal information to anyone who asks, and that effectively become logs of all login activity. > A question on short keys - this is probably something I have not fully understood. > But if the keys are short lived, don't you have to go back to your e-mail provider > constantly to create new keys? Indeed. But we are working on the protocol that will let a provider that has already certified you re-certify you quietly. So when you log back into your email provider, your cert is renewed automatically, in the background. > If so is that not a Usability nuisance? I'm pretty sure we can make it fully transparent and yet fully user-consented. But we've got some work left to do to get there. -Ben
Received on Tuesday, 19 July 2011 02:22:40 UTC