Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

document preventions of RP-driven de-anonymization attempts in privacy-cons #743

Closed
equalsJeffH opened this issue Jan 11, 2018 · 3 comments
Closed

document preventions of RP-driven de-anonymization attempts in privacy-cons #743

equalsJeffH opened this issue Jan 11, 2018 · 3 comments
Assignees
@emlun @selfissued
Labels
privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. stat:pr-open type:editorial
Milestone
PropRec

Comments

@equalsJeffH
Copy link
Contributor

No description provided.

@equalsJeffH equalsJeffH added type:editorial privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. labels Jan 11, 2018
@equalsJeffH equalsJeffH added this to the CR milestone Jan 11, 2018
This was referenced Jan 11, 2018
Closed
Closed
@equalsJeffH equalsJeffH changed the title document preventions of RP-driven de-anonymization attempts in priv-cons document preventions of RP-driven de-anonymization attempts in privacy-cons Jan 12, 2018
@nadalin
Copy link
Contributor

nadalin commented Jan 17, 2018

@selfissued Please look at this as you worth through the Security Considerations section

@equalsJeffH
Copy link
Contributor Author

equalsJeffH commented Jan 17, 2018
edited

At this time, fixing issues #140, #204, and finishing & merging PR #613, will close this issue unless we think of other means RPs might use to de-anonymize users.

This is because, as @hillbrad noted in issue #184 "privacy concerns with whitelist/blacklist" that there are two (known at this time) opportunities for RPs to attempt de-anonymization or discovery of users on the client side: at credential creation time, and at authentication time.

At this time we feel that PRs #655, #687 have addressed the issues at authentication time, and partially at credential creation time. The other issues and PRs noted above address the other known aspects of the overall "RP-driven de-anonymization" set of issues (at this time).

Changing milestone to PR since we triaged issue #140 to PR.

@equalsJeffH equalsJeffH modified the milestones: CR, PR Jan 19, 2018
@emlun
Copy link
Member

emlun commented May 2, 2018

Related: #382

@emlun emlun mentioned this issue May 9, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@emlun emlun

@selfissued selfissued

Labels
privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. stat:pr-open type:editorial
Projects
None yet
Milestone
PropRec
Development

No branches or pull requests
4 participants
@equalsJeffH @emlun @selfissued @nadalin