IETF Logo Mail Archive

Re: [apps-discuss] webfinger privacy question/suggestion

James M Snell <jasnell@gmail.com> Tue, 30 October 2012 17:54 UTC

Return-Path: <jasnell@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABD3921F858B for <apps-discuss@ietfa.amsl.com>; Tue, 30 Oct 2012 10:54:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.765
X-Spam-Level:
X-Spam-Status: No, score=-2.765 tagged_above=-999 required=5 tests=[AWL=-0.833, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, SARE_HTML_USL_OBFU=1.666]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nIxtagj9+S3I for <apps-discuss@ietfa.amsl.com>; Tue, 30 Oct 2012 10:54:45 -0700 (PDT)
Received: from mail-ie0-f172.google.com (mail-ie0-f172.google.com [209.85.223.172]) by ietfa.amsl.com (Postfix) with ESMTP id EB6ED21F8582 for <apps-discuss@ietf.org>; Tue, 30 Oct 2012 10:54:44 -0700 (PDT)
Received: by mail-ie0-f172.google.com with SMTP id 9so950391iec.31 for <apps-discuss@ietf.org>; Tue, 30 Oct 2012 10:54:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=AyEzZxNa04+/XCrOmS+idynXgQtM44ViXc33fwbaTv4=; b=WUi6lWpJAKOgJfEcUCFnJFiHKsYn4yLUaa9fpyvh4fQeGZVAqTm60cBp+A/syDOr8D egvNndV6vx/I4l8gnWtTPnIu5DKCxf7+9OKBWwl81MZPOv/1pda1nj2dPK/W82QDvt6b Z5Qh33N0Zu9fGVXEjSrJ3TlwQamZ1epb3Poq+7EbUnyJTtMZm86vGcoH2hgk8+m2aKHt HwgMAB3tY28OwnqUpbKxNjAHXYi5W4dCUJrD21rE5snPf1h7jkbw/F7qFRWZ5pjyXN/Z nj/OokfUHzbqKsj29ZNVlelPxI8+zzMD/eqJA4Xb5bFKeZYuK82dxfiQQw4LpFBqht0T pBQQ==
MIME-Version: 1.0
Received: by 10.50.36.163 with SMTP id r3mr2315923igj.54.1351619684367; Tue, 30 Oct 2012 10:54:44 -0700 (PDT)
Received: by 10.64.46.225 with HTTP; Tue, 30 Oct 2012 10:54:43 -0700 (PDT)
Received: by 10.64.46.225 with HTTP; Tue, 30 Oct 2012 10:54:43 -0700 (PDT)
In-Reply-To: <50900F51.5040805@status.net>
References: <508E66FB.4070708@cs.tcd.ie> <0b3b01cdb61c$981dc600$c8595200$@packetizer.com> <508F0870.9050402@cs.tcd.ie> <0b9901cdb636$bf951480$3ebf3d80$@packetizer.com> <508F2B78.2000006@cs.tcd.ie> <0be001cdb64b$eb574560$c205d020$@packetizer.com> <508FA55F.5020608@cs.tcd.ie> <5FC89052-EE84-4C80-BEE8-ABAD7C784F5A@gmx.net> <6.2.5.6.2.20121030093556.0a82b130@resistor.net> <50900F51.5040805@status.net>
Date: Tue, 30 Oct 2012 10:54:43 -0700
Message-ID: <CABP7RbdGamtm_fzXaswSf0k+YxDMQFr2qD84DuDzZGCB3FThZA@mail.gmail.com>
From: James M Snell <jasnell@gmail.com>
To: Evan Prodromou <evan@status.net>
Content-Type: multipart/alternative; boundary="14dae9340bf3287f2a04cd4a7b38"
Cc: IETF Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] webfinger privacy question/suggestion
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Oct 2012 17:54:45 -0000

Agreed, doing too much in this particular draft would be a mistake. What I
want, however, is an incremental strip in the right direction. Right now,
hashing the identifier is not an option. It should be. Doing so would allow
more complex solutions to be built... solutions that take privacy,
confidentiality, authorization and authentication into full account and
allow us to span from "only sharing public data" to "sharing any data".

- James
On Oct 30, 2012 10:33 AM, "Evan Prodromou" <evan@status.net> wrote:

> There may be some use to having private sharing of discovery data.
>
> However, it's such a complicated and difficult problem, that trying to
> solve it with this version of Webfinger will effectively disallow public
> discovery.
>
> That is: it's a terrible morass, which will sink this effort.
>
> I suggest making a note in the security considerations that Webfinger
> links are visible to all, so don't put private stuff in there, full stop.
>
> -Evan
>
> On 12-10-30 01:18 PM, SM wrote:
>
>> At 03:16 30-10-2012, Hannes Tschofenig wrote:
>>
>>> Have a look at: http://tools.ietf.org/html/**draft-iab-privacy-**
>>> considerations-04<http://tools.ietf.org/html/draft-iab-privacy-considerations-04>
>>>
>>
>> Hmm, that draft was mentioned several months ago [1].
>>
>>  I have raised these privacy issues already last year. My comments got
>>> ignored.
>>>
>>
>> The following question was asked around 11 months ago [2]:
>>
>>   "What are you planning to do to ensure the draft properly addresses
>>    security, privacy, and netiquette issues?"
>>
>> The current plan seems to be: do nothing.
>>
>> Regards,
>> -sm
>>
>> 1. http://www.ietf.org/mail-**archive/web/apps-discuss/**
>> current/msg04747.html<http://www.ietf.org/mail-archive/web/apps-discuss/current/msg04747.html>
>> 2. http://www.ietf.org/mail-**archive/web/apps-discuss/**
>> current/msg03804.html<http://www.ietf.org/mail-archive/web/apps-discuss/current/msg03804.html>
>> ______________________________**_________________
>> apps-discuss mailing list
>> apps-discuss@ietf.org
>> https://www.ietf.org/mailman/**listinfo/apps-discuss<https://www.ietf.org/mailman/listinfo/apps-discuss>
>>
>
>
> --
> Evan Prodromou, CEO and Founder, StatusNet Inc.
> 1124 rue Marie-Anne Est #32, Montreal, Quebec, Canada H2J 2B7
> E: evan@status.net P: +1-514-554-3826
>
> ______________________________**_________________
> apps-discuss mailing list
> apps-discuss@ietf.org
> https://www.ietf.org/mailman/**listinfo/apps-discuss<https://www.ietf.org/mailman/listinfo/apps-discuss>
>

v2.23.0 | Report a Bug | By Email