as trustworthy as the hierarchical CA system currently in place...

Hello,

After pointing my friend to WebID, he have shared this comment (original linked later):

"After reading the WebID specification once again, I'm not so sure anymore, whether I would want to use it.

As described in section 2.2, the public key is published via the WebID Profile, which is basically a FOAF profile. While section 3.4.2 does note that "An HTTPS WebID will therefore be a lot more trustworthy than an HTTP WebID by a factor of the likelihood of man in the middle attacks", however the whole system is only as trustworthy as the hierarchical CA system currently in place.

How can a web-of-trust be useful, if all the trust is based on a trust system that has been shown to be untrustworthy for more than a decade?"

https://heahdk.net/~nil/news/0005-webid-revisited

Any references to previous discussion on this issue?
Thanks!
~ elf Pavlik ~

Received on Sunday, 4 March 2012 17:05:01 UTC