[cap-talk] Webkeys vs. the web
Raoul Duke
raould at gmail.com
Wed Apr 1 23:31:43 EDT 2009
>>> And more broadly: the problem is not protecting users from the *ability* to
>>> share. It is protecting them from the risk of *inadvertently* sharing
>>> something the implications of which are not intuitive for them.
>>
>> i can totally see that point, but i'm some nervous pessimist who
>> assumes somehow this will all lead to yet another security leak in the
>> future. i guess the answer to that is "hey, no matter what you do,
>> people are involved, and if they eff up then that's just life." which
>> is unfortunately all too true.
>
> I don't understand how this philosophy is productive in deciding which
> mechanisms that might result in security improvements, should be implemented
> or promoted.

apologies.

basically, i'm confused that anybody thinks users in the widest sense
can be educated about what URLs to share vs. not. that just seems like
a really untenable insecure un-user-friendly goal. i want people to be
able to copy and paste, and for the site to implement something along
the lines of what i think i understand Alan K. to be describing: only
the insecure stuff is rendered, and the secure stuff requires a 2nd
type of auth before they'll be shown. which as some folks seem to be
saying is what some sites already do today.

but that to me doesn't sound like what some people are saying webkeys
are supposed to be?

(or, i want them to never be able to copy and paste, at all, but
that's unlikely to be enforceable.)

sincerely.