On 13 July 2011 19:54, Boaz <alt.b...@gmail.com> wrote:
>>WebID uses SSL, but as far as I understand it doesn't rely on any CA. The
>>certificates can be self-signed and they will work the same. It uses the
>>private key installed in your PC (which might not be very convenient) and
>>checks if it belongs to the public key (which you have copied sometime before)
>>returned by the FOAF file. If they match, your friend's server can be sure that
>>you are who you claim to be
>>( http://www.w3.org/wiki/Foaf%2Bssl ). In this scheme it doesn't matter which
>>the CA is.
>
> Let's be clear: self-signed certificates provide no protection against
> MITM attack. In other words, no assurance to your friends that you
> "are who you claim to be" (unless you gave them your key fingerprint
> on a slip of paper or something). That assurance is the service that
> we supposedly get from certificate authorities.

You don't need to give your key on a slip of paper (you can if you want of course), it's on your home page. Hopefully your freedom box also hosts a web server too, preferably with https.

>
>
> Boaz
>
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
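
The key comparison described in the quoted text, together with the point the replies turn on (how the profile itself is fetched), as an added example that is not part of the original thread. `PresentedCert`, `verify_webid`, `fetch_profile` and the sample profiles are hypothetical; certificate parsing and the HTTP fetch are assumed to happen elsewhere.

```python
from dataclasses import dataclass
from urllib.parse import urldefrag, urlsplit

@dataclass(frozen=True)
class PresentedCert:
    # Fields assumed already parsed from the client certificate after the TLS
    # handshake proved possession of the private key. Self-signed is fine here.
    webid_uri: str   # URI taken from subjectAltName
    modulus: int     # RSA public key modulus
    exponent: int    # RSA public exponent

def verify_webid(cert, fetch_profile):
    """Compare the certificate's key with the keys published at the WebID URI.

    fetch_profile(doc_url) is a hypothetical callable returning
    {webid_uri: [(modulus, exponent), ...]} or None. For https URLs it is
    assumed to have authenticated the server (CA chain or pinned fingerprint).
    """
    scheme = urlsplit(cert.webid_uri).scheme
    if scheme not in ("http", "https"):
        return "rejected-scheme"
    profile = fetch_profile(urldefrag(cert.webid_uri).url)
    if profile is None:
        return "no-profile"
    if (cert.modulus, cert.exponent) not in profile.get(cert.webid_uri, []):
        return "key-mismatch"
    # Keys match. Over plain http anyone on the path could have rewritten the
    # profile to list their own key, so the match says nothing about identity.
    return "verified" if scheme == "https" else "match-unauthenticated"

# Constructed sample data (not real keys or real hosts).
ALICE_KEY = (0xC0FFEE1234567890ABCDEF, 65537)
OTHER_KEY = (0xBADC0DE1234567890ABCDEF, 65537)
PROFILES = {
    "https://alice.example/foaf": {"https://alice.example/foaf#me": [ALICE_KEY]},
    "http://bob.example/foaf": {"http://bob.example/foaf#me": [OTHER_KEY]},
}

def results():
    fetch = PROFILES.get  # stands in for the real profile fetch
    cases = [
        PresentedCert("https://alice.example/foaf#me", *ALICE_KEY),
        PresentedCert("https://alice.example/foaf#me", *OTHER_KEY),
        PresentedCert("http://bob.example/foaf#me", *OTHER_KEY),
        PresentedCert("https://carol.example/foaf#me", *ALICE_KEY),
        PresentedCert("ftp://alice.example/foaf#me", *ALICE_KEY),
    ]
    return [verify_webid(c, fetch) for c in cases]

if __name__ == "__main__":
    print(results())
```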