Re[2]: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements

[Chris Drake <christopher at pobox.com>]

ER> Chris Drake  <christopher at pobox.com> writes:

>>>>>>> "Eric" == Eric Rescorla <ekr at networkresonance.com> writes:
>>
>>     >>  I don't believe that my requirements would require that the
>>     >> relying party talk to the identity provider.
>>
>> How do you propose to protect my privacy in this scenario?  I do not
>> want the same credentials of mine revealed when I log in to
>> "shame-your-boss.com" as when I log in to my sourceforge account, but
>> I would like to avoid having to remember multitudes of different
>> usernames and passwords for every web site I visit, as well as enjoy
>> phishing defences... 

ER> And you'd prefer to have your identity provider have a record
ER> of every site you've visited?

Which would you prefer?

Neither is ideal - the best solution would in fact *be* neither, but
if I'm *forced* to let either the site who I chose to trust with my
identity and privacy know where I go, or, let everywhere I go know who
I am - I'll reluctantly choose the former.

If my ID provider publishes a privacy policy telling me that they
don't keep records of these things - then I might even be happy with
my decision.  No amount of relying party privacy policies will make me
happy though - it's difficult to trust one site with my identity,
impossible to trust them all.

I forget offhand how double-blind emailling and mixmaster stuff works,
but I think the concept of enabling dix and at the same time preventing
either the relying party or the IdP form knowing too much is just a
cryptographic solution?  (except for the problem of HTTP REFERRER it's
just simple asymmetric-key-protected transaction.)

Additionally - I can't, off the top of my head, think how to get my
long-term credential into the relying party's web site without using
HTTP redirects (introducing the referrer problem), extra installed
software components (which corporate/internet-cafe users won't have
permission to install), or users copy/pasting things into input boxes
(tricky, unsafe, no phishing protection)

> Nicolas Williams Wrote:

>If you're your own IdP...  Or if your ISP is your IdP... (your ISP
>already knows what sites you visit)

I don't think Joe User's going to be able to be their own IdP or use
their ISP for it - too many of them surf both from home and work, and
if they can't get their email when they're on holidays, dix has
failed.


Kind Regards,
Chris Drake




_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix