Hi Steve - and thanks for the correction. I agree with your additional use-cases/threat scenarios, naturally… I was just trying to keep it to one simple illustration ;^)
R

On 16 Mar 2015, at 14:22, Stephen Kent <k...@bbn.com> wrote:

> Robin,
>> ...
>>
>> Primrose goes to InsureMe.com, where she will be asked for a lot of personal
>> data. InsureMe.com invites her to register and create a new account, with an
>> ID and password; all this is done over https, so InsureMe.com is confident
>> it has taken suitable steps to protect the data from being visible to third
>> parties.
> Third parties on the wire. Experience shows that Primrose's data is most
> likely to be disclosed to third parties once it is on the InsureMe.com web
> site. Your example goes on to cite a privacy violation in the form of
> Gotcher.com. But, a successful attack against InsureMe.com also would
> violate the confidentiality of Primrose's data.
>
> Bottom line: I agree with your observation that privacy is not the same as
> confidentiality, and we often overly simplify these discussions.
>
> Steve
>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass