Re: [apps-discuss] Webfinger discussion

"Paul E. Jones" <paulej@packetizer.com> Tue, 27 March 2012 16:15 UTC

From: "Paul E. Jones" <paulej@packetizer.com>
To: 'Andrew Sullivan' <ajs@anvilwalrusden.com>, apps-discuss@ietf.org

I agree it would be useful to add text about sharing information that might
be dynamic in nature (e.g., current user location).

We'll add text along those lines to the next draft.  Any other security
considerations we should note?

Paul

> -----Original Message-----
> From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org]
> On Behalf Of Andrew Sullivan
> Sent: Tuesday, March 27, 2012 4:47 AM
> To: apps-discuss@ietf.org
> Subject: Re: [apps-discuss] Webfinger discussion
> 
> On Mon, Mar 26, 2012 at 02:31:30PM -0400, Bob Wyman wrote:
> 
> > un-recommended!). If people did, in fact, use WebFinger to record such
> > stuff, the concerns you mentioned would be relevant. Thus, it might
> > make sense for the Security Considerations section to suggest that one
> > should think carefully before using WebFinger to provide such dynamic
> > information.
> 
> Right, that's most of what I was trying to say.  I do have a concern that
> collecting a bunch of different information about a given person and
> linking it together in a single, easy to access repository has some
> potential security side effects (not just privacy ones, but those too, of
> course) that are not clearly highlighted in the security considerations.
> I suppose one could argue that Facebook's (or pick your poison) user
> population shows nobody cares about that, but I think it would still be
> good to have some observations about those effects.
> 
> Best,
> 
> A
> 
> --
> Andrew Sullivan
> ajs@anvilwalrusden.com