X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/369bfd45cc0d923a6903ea24b8a65091c12d930c..3fe434189b99daf3d8cc075186c4ed4ebdd43b8f:/doc/todo/emailauth.mdwn?ds=inline diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn index aac2c988e..ec7b4b96d 100644 --- a/doc/todo/emailauth.mdwn +++ b/doc/todo/emailauth.mdwn @@ -62,7 +62,7 @@ Implementation notes: Otherwise, someone could use passwordauth to register as a username that looks like an email address, which would be confusing to possibly a security hole. Probably best to keep passwordauth and emailauth accounts - entirely distinct. + entirely distinct. Update: passwordauth never allowed `@` in usernames. * Currently, subscription to comments w/o registering is handled by passwordauth, by creating a passwordless account (making up a username, not using the email address as the username thankfully). That account can be @@ -112,3 +112,25 @@ Thoughts anyone? --[[Joey]] >> >> Of course, spammers can troll git repos for emails anyway, so maybe >> this is fine. --[[Joey]] + +>>> I'm not so sure this is OK: user expectations for "a random wiki/blog" +>>> are not the same as for direct git contributions. Common practice for +>>> websites is for email addresses to be only available to the site owner +>>> and/or outsourced services - if ikiwiki doesn't work like this, +>>> I think wiki contributors/blog commenters are going to blame ikiwiki, +>>> not themselves. +>>> +>>> One way to avoid this would be to +>>> [[separate authentication from authorization]], so our account names +>>> would be smcv and joey even on a purely emailauth wiki, with the +>>> fact that we authenticate via email being an implementation detail. +>>> +>>> Another way to do it would be to hash the email address, +>>> so the commit appears to come from +>>> `smcv ` instead of +>>> from `smcv ` - if the hash is of `mailto:whatever` +>>> (like my example one) then it's compatible with +>>> [FOAF](http://xmlns.com/foaf/spec/#term_mbox_sha1sum). +>>> --[[smcv]]a + +>>> Email addresses are now cloaked in commits, using foaf:mbox_sha1sum. --[[Joey]]