On 10 March 2011 00:02, Jonas Smedegaard <[email protected]> wrote: > On Wed, Mar 09, 2011 at 10:29:06PM +0000, Clint Adams wrote: >> >> On Wed, Mar 09, 2011 at 09:09:25PM +0100, Henry Story wrote: >>> >>> I am also currently chairing the WebID incubator group at the W3C, so >>> if you have WebID questions don't hesitate to ping me, or join the W3C >>> mailing list and ping there. >> >> >> I hope that in the long run we are going to want to rid ourselves of >> any dependence on centralized DNS and SSL certificate authorities. >> Is WebID going to have any features to facilitate this or are we going >> to need to have a separate CA certificate for each client or server >> certificate, and a bunch of out-of-band validation hacks to ensure >> that these SSL certificates and FOAF profiles are actually owned >> and controlled by the people we expect them to be? > > WebID rely on DNS, but do not require _centralized_ DNS. > > WebID use SSL certificates, but do not require _centralized_ certificate > authorities, Actually, due to requiring an unusual additional hint, some > centralized CA autorities including CAcert.org cannot currently provide > WebID compatible certificates.
Traditionally we've always 'self signed' our WebID certificates. So there's no CA that needs to be in the loop. In fact, I dont know of any instance WebID has *ever* been used with a CA, but I suppose it is possible too. :) > > > > - Jonas > > -- > * Jonas Smedegaard - idealist & Internet-arkitekt > * Tlf.: +45 40843136 Website: http://dr.jones.dk/ > > [x] quote me freely [ ] ask before reusing [ ] keep private > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQIcBAEBCgAGBQJNeAcMAAoJECx8MUbBoAEh7e0P/iRSFrEacOhLs+dUU7A3ZNTy > VoFWMJ/VSCi5WtKMn2Tm68WKCQuo+mIussDZOR89VJyDehCaj5WRHcMQjnKxssc1 > yHBRKsq0eCmQiE/6855J+tsn0TrKhjYTXnqrIFJtJ2Vflz0JFTg5rbMii9OuEnMD > ectyehUPxUul9Ri9Ta0m5Dyf81HFnDZzDqC5goMiTBo063oc57LOma9P3ZKWaIjC > 7vK/P50+q4MEfOQ86mmKcx+S0v6uGlbr67gxgpXyu7SJeAjnn5wUS90Uo7A5+MUa > /J7SJ992wP9mQdsPcSIQ9Wsz83AmPYZ1mv+v2BBQqtn930gxRXWvaertcXG729lI > E+wMk7oYwLRo7BKQ/Tw31RKAd8gq48ZkDegOo+wjJgrF52iJYoau1eYf/AwkAs0V > 4dRwXLIZOqke9Ct8+czxzmcba/lMngLZdVyKry5ywqoUEStD0cwinEUcL82zoaZg > 7xxghPO+WyomlJ4wnFiInADAT2LK9z87tFpTXCMp7e9JxQGfHU8Tgo4kJFPk1kSB > ODayWJmu5sb/hpnQNns+e09hN1SqLkJMfb7mpW3OHETEiyfLSQvNxSh5MqfAIG0y > /effztx0CDlbBI7ZDfsYjL0KJp5GJkXc8Iau9hQnwVvEQTpbGnv8obAldAddmDK3 > T5oZ7OeSOVT3GfeC2dqk > =F+TU > -----END PGP SIGNATURE----- > > _______________________________________________ > Freedombox-discuss mailing list > [email protected] > http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss > > _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss
