Re: [Auth]Re: What I percieve is wrong with IDsec (was IDsec specification draft)

[John]

My language herein is a bit strong, clipped, and monofocussed. I will
write answers to the other questions.

David Sugar wrote:
> What Hans said was what my comment was going to be, which, essentially,
> in the IDsec model, you can always be your own profile provider, and one
> hopes one can trust oneself :).

If "oneself" is you, Hans, or myself;  then I could agree that each of
us could trust "oneself". Will I say the same of 90% of the users of
Passport: the so-called common consumers we are trying to offer an
alternative to? No, I would be hard put to say they can trust themselves
to be their own privacy admins.

Think of the technical level of the target audience? Some will be like
us; they will easily be able to install even a difficult package. They
will easily be able to configure such a package even in the absence of a
GUI. They may even eschew a GUI in favour of a CL, because they are
adept. Then there is the opposite extreme: the percentage who are amazed
that they can change the screen resolution in Windows! The ones who
despite repeated admonitions can be socially engineered into opening
worms and virusses? The possibly gullible and definitely trusting
non-technical masses? They are not given privacy under IDsec and this is
a weakness.

We are you saying, "If you're one of the 90%, you don't deserve complete
privacy?" With IDsec, either "DIY or give up your meta-information (and
possibly even your information)." That's not a guarantee of freedom.
That's Passport with a self-hosting option for the technical elites; and
for the technical elites - a new wallet store they can access remotely.
Are we providing a consumer solution for a broad market or a solution
for just us?

Someone please tell me where in my analysis I'm wrong?

John Le'Brecage