Re: [apps-discuss] webfinger privacy question/suggestion
James M Snell <jasnell@gmail.com> Tue, 30 October 2012 17:54 UTC
Return-Path: <jasnell@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABD3921F858B for <apps-discuss@ietfa.amsl.com>; Tue, 30 Oct 2012 10:54:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.765
X-Spam-Level:
X-Spam-Status: No, score=-2.765 tagged_above=-999 required=5 tests=[AWL=-0.833, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, SARE_HTML_USL_OBFU=1.666]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nIxtagj9+S3I for <apps-discuss@ietfa.amsl.com>; Tue, 30 Oct 2012 10:54:45 -0700 (PDT)
Received: from mail-ie0-f172.google.com (mail-ie0-f172.google.com [209.85.223.172]) by ietfa.amsl.com (Postfix) with ESMTP id EB6ED21F8582 for <apps-discuss@ietf.org>; Tue, 30 Oct 2012 10:54:44 -0700 (PDT)
Received: by mail-ie0-f172.google.com with SMTP id 9so950391iec.31 for <apps-discuss@ietf.org>; Tue, 30 Oct 2012 10:54:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=AyEzZxNa04+/XCrOmS+idynXgQtM44ViXc33fwbaTv4=; b=WUi6lWpJAKOgJfEcUCFnJFiHKsYn4yLUaa9fpyvh4fQeGZVAqTm60cBp+A/syDOr8D egvNndV6vx/I4l8gnWtTPnIu5DKCxf7+9OKBWwl81MZPOv/1pda1nj2dPK/W82QDvt6b Z5Qh33N0Zu9fGVXEjSrJ3TlwQamZ1epb3Poq+7EbUnyJTtMZm86vGcoH2hgk8+m2aKHt HwgMAB3tY28OwnqUpbKxNjAHXYi5W4dCUJrD21rE5snPf1h7jkbw/F7qFRWZ5pjyXN/Z nj/OokfUHzbqKsj29ZNVlelPxI8+zzMD/eqJA4Xb5bFKeZYuK82dxfiQQw4LpFBqht0T pBQQ==
MIME-Version: 1.0
Received: by 10.50.36.163 with SMTP id r3mr2315923igj.54.1351619684367; Tue, 30 Oct 2012 10:54:44 -0700 (PDT)
Received: by 10.64.46.225 with HTTP; Tue, 30 Oct 2012 10:54:43 -0700 (PDT)
Received: by 10.64.46.225 with HTTP; Tue, 30 Oct 2012 10:54:43 -0700 (PDT)
In-Reply-To: <50900F51.5040805@status.net>
References: <508E66FB.4070708@cs.tcd.ie> <0b3b01cdb61c$981dc600$c8595200$@packetizer.com> <508F0870.9050402@cs.tcd.ie> <0b9901cdb636$bf951480$3ebf3d80$@packetizer.com> <508F2B78.2000006@cs.tcd.ie> <0be001cdb64b$eb574560$c205d020$@packetizer.com> <508FA55F.5020608@cs.tcd.ie> <5FC89052-EE84-4C80-BEE8-ABAD7C784F5A@gmx.net> <6.2.5.6.2.20121030093556.0a82b130@resistor.net> <50900F51.5040805@status.net>
Date: Tue, 30 Oct 2012 10:54:43 -0700
Message-ID: <CABP7RbdGamtm_fzXaswSf0k+YxDMQFr2qD84DuDzZGCB3FThZA@mail.gmail.com>
From: James M Snell <jasnell@gmail.com>
To: Evan Prodromou <evan@status.net>
Content-Type: multipart/alternative; boundary="14dae9340bf3287f2a04cd4a7b38"
Cc: IETF Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] webfinger privacy question/suggestion
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Oct 2012 17:54:45 -0000
Agreed, doing too much in this particular draft would be a mistake. What I want, however, is an incremental strip in the right direction. Right now, hashing the identifier is not an option. It should be. Doing so would allow more complex solutions to be built... solutions that take privacy, confidentiality, authorization and authentication into full account and allow us to span from "only sharing public data" to "sharing any data". - James On Oct 30, 2012 10:33 AM, "Evan Prodromou" <evan@status.net> wrote: > There may be some use to having private sharing of discovery data. > > However, it's such a complicated and difficult problem, that trying to > solve it with this version of Webfinger will effectively disallow public > discovery. > > That is: it's a terrible morass, which will sink this effort. > > I suggest making a note in the security considerations that Webfinger > links are visible to all, so don't put private stuff in there, full stop. > > -Evan > > On 12-10-30 01:18 PM, SM wrote: > >> At 03:16 30-10-2012, Hannes Tschofenig wrote: >> >>> Have a look at: http://tools.ietf.org/html/**draft-iab-privacy-** >>> considerations-04<http://tools.ietf.org/html/draft-iab-privacy-considerations-04> >>> >> >> Hmm, that draft was mentioned several months ago [1]. >> >> I have raised these privacy issues already last year. My comments got >>> ignored. >>> >> >> The following question was asked around 11 months ago [2]: >> >> "What are you planning to do to ensure the draft properly addresses >> security, privacy, and netiquette issues?" >> >> The current plan seems to be: do nothing. >> >> Regards, >> -sm >> >> 1. http://www.ietf.org/mail-**archive/web/apps-discuss/** >> current/msg04747.html<http://www.ietf.org/mail-archive/web/apps-discuss/current/msg04747.html> >> 2. http://www.ietf.org/mail-**archive/web/apps-discuss/** >> current/msg03804.html<http://www.ietf.org/mail-archive/web/apps-discuss/current/msg03804.html> >> ______________________________**_________________ >> apps-discuss mailing list >> apps-discuss@ietf.org >> https://www.ietf.org/mailman/**listinfo/apps-discuss<https://www.ietf.org/mailman/listinfo/apps-discuss> >> > > > -- > Evan Prodromou, CEO and Founder, StatusNet Inc. > 1124 rue Marie-Anne Est #32, Montreal, Quebec, Canada H2J 2B7 > E: evan@status.net P: +1-514-554-3826 > > ______________________________**_________________ > apps-discuss mailing list > apps-discuss@ietf.org > https://www.ietf.org/mailman/**listinfo/apps-discuss<https://www.ietf.org/mailman/listinfo/apps-discuss> >
- [apps-discuss] webfinger privacy question/suggest… Stephen Farrell
- Re: [apps-discuss] webfinger privacy question/sug… SM
- Re: [apps-discuss] webfinger privacy question/sug… Paul E. Jones
- Re: [apps-discuss] webfinger privacy question/sug… Paul E. Jones
- Re: [apps-discuss] webfinger privacy question/sug… Stephen Farrell
- Re: [apps-discuss] webfinger privacy question/sug… James M Snell
- Re: [apps-discuss] webfinger privacy question/sug… Paul E. Jones
- Re: [apps-discuss] webfinger privacy question/sug… Paul E. Jones
- Re: [apps-discuss] webfinger privacy question/sug… Stephen Farrell
- Re: [apps-discuss] webfinger privacy question/sug… Blaine Cook
- Re: [apps-discuss] webfinger privacy question/sug… Paul E. Jones
- Re: [apps-discuss] webfinger privacy question/sug… SM
- Re: [apps-discuss] webfinger privacy question/sug… Stephen Farrell
- Re: [apps-discuss] webfinger privacy question/sug… Hannes Tschofenig
- Re: [apps-discuss] webfinger privacy question/sug… James M Snell
- Re: [apps-discuss] webfinger privacy question/sug… SM
- Re: [apps-discuss] webfinger privacy question/sug… Evan Prodromou
- Re: [apps-discuss] webfinger privacy question/sug… James M Snell
- Re: [apps-discuss] webfinger privacy question/sug… Evan Prodromou
- Re: [apps-discuss] webfinger privacy question/sug… Paul E. Jones
- Re: [apps-discuss] webfinger privacy question/sug… Paul E. Jones
- Re: [apps-discuss] webfinger privacy question/sug… SM
- Re: [apps-discuss] webfinger privacy question/sug… Stephen Farrell
- Re: [apps-discuss] webfinger privacy question/sug… Mikael Nordfeldth
- Re: [apps-discuss] webfinger privacy question/sug… Stephen Farrell
- Re: [apps-discuss] webfinger privacy question/sug… Phillip Hallam-Baker
- Re: [apps-discuss] webfinger privacy question/sug… Hannes Tschofenig
- Re: [apps-discuss] webfinger privacy question/sug… SM
- Re: [apps-discuss] webfinger privacy question/sug… SM
- Re: [apps-discuss] webfinger privacy question/sug… Phillip Hallam-Baker
- Re: [apps-discuss] webfinger privacy question/sug… James M Snell
- Re: [apps-discuss] webfinger privacy question/sug… Paul E. Jones
- Re: [apps-discuss] webfinger privacy question/sug… Evan Prodromou
- Re: [apps-discuss] webfinger privacy question/sug… Paul E. Jones
- Re: [apps-discuss] webfinger privacy question/sug… Paul E. Jones
- Re: [apps-discuss] webfinger privacy question/sug… James M Snell
- Re: [apps-discuss] webfinger privacy question/sug… James M Snell
- Re: [apps-discuss] webfinger privacy question/sug… Paul E. Jones
- Re: [apps-discuss] webfinger privacy question/sug… Paul E. Jones
- Re: [apps-discuss] webfinger privacy question/sug… William Mills
- Re: [apps-discuss] webfinger privacy question/sug… William Mills
- Re: [apps-discuss] webfinger privacy question/sug… William Mills
- Re: [apps-discuss] webfinger privacy question/sug… Gonzalo Salgueiro
- [apps-discuss] Private fields in Webfinger output… Evan Prodromou
- [apps-discuss] Using obfuscated resource identifi… Evan Prodromou
- Re: [apps-discuss] webfinger privacy question/sug… SM
- Re: [apps-discuss] Using obfuscated resource iden… Evan Prodromou
- Re: [apps-discuss] webfinger privacy question/sug… Joe Gregorio