- From: Henry Story <henry.story@bblfish.net>
- Date: Wed, 14 Nov 2012 09:57:25 +0100
- To: Carvalho Melvin <melvincarvalho@gmail.com>, public-webid <public-webid@w3.org>, Read-Write-Web <public-rww@w3.org>
- Message-Id: <B5E200FF-4BA1-40D8-A89C-5793BA26C01D@bblfish.net>
Just to say, but I have stopped this experiment. For me sending mail is too important in communication. If some existing servers start rejecting mail or having trouble because they don't know my CA ( and of course few will know WebID ) then the cost in communication is too high for the benefit. I had a report that my Certificate was causing some windows machine to spend ten minutes trying to verify my certificate. It is not a big step from there until someone determines these are denial of service attacks and blocks my mail. So in my view this experiment could be thought of as viral, but in the negative sense. It is exactly the kind of experiment that could cause the system to put up unnecessary antibodies and make it more difficult for members of our community to spread their message. Henry On 14 Nov 2012, at 09:34, Melvin Carvalho <melvincarvalho@gmail.com> wrote: > > > On 18 October 2012 21:35, Kingsley Idehen <kidehen@openlinksw.com> wrote: > On 10/18/12 2:31 PM, Melvin Carvalho wrote: >> >> >> On 18 October 2012 20:26, Kingsley Idehen <kidehen@openlinksw.com> wrote: >> On 10/18/12 2:12 PM, Andrei Sambra wrote: >> On 10/18/12 19:19, Melvin Carvalho wrote: >> It seems for the dogfooding use case of signing your emails for SMIME >> you also need to add your email address to your SAN. >> >> Assuming I have got that correct, does anyone know an easy way to do this? >> You can use https://my-profile.eu :) >> >> There's a cert generation page (https://my-profile.eu/certgen.php) in which you can specify an email address to be added along your WebID URI. >> >> Andrei >> >> >> >> Trouble is that Melvin wants to complete the process by hand :-) >> >> I dont necessarily need to do this by hand. >> > > If you don't need to do it by hand then you have existing services in place to help you. Andrei pointed you to my-profile.eu (which you are familiar with) and I you can also use the service at: http://id.myopenlink.net/certgen . > >> But I'd like to keep my existing cert just ADD the email on top of my http: URI. > > You mean you want to keep your existing WebID since you can't patch a generated cert. > >> >> Reason is that I have the same key for a long time and it's also my GPG key, SSH, etc. > > You can have multiple keys in the SAN of certificates that we produce. Or even simpler, cross reference your URIs in your profile graphs via owl:sameAs. > > OK, I've managed to create a special cert for email only with the same key. > > What should be the EXACT SAN for signing email? > > I have: > > URI: http://melvincarvalho.com/#me, mailto:melvincarvalho@gmail.com > > But it's still not working yet ...\ > > > >> >> >> -- >> >> Regards, >> >> Kingsley Idehen >> Founder & CEO >> OpenLink Software >> Company Web: http://www.openlinksw.com >> Personal Weblog: http://www.openlinksw.com/blog/~kidehen >> Twitter/Identi.ca handle: @kidehen >> Google+ Profile: https://plus.google.com/112399767740508618350/about >> LinkedIn Profile: http://www.linkedin.com/in/kidehen >> >> >> >> >> >> > > > -- > > Regards, > > Kingsley Idehen > Founder & CEO > OpenLink Software > Company Web: http://www.openlinksw.com > Personal Weblog: http://www.openlinksw.com/blog/~kidehen > Twitter/Identi.ca handle: @kidehen > Google+ Profile: https://plus.google.com/112399767740508618350/about > LinkedIn Profile: http://www.linkedin.com/in/kidehen > > > > > Social Web Architect http://bblfish.net/
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Wednesday, 14 November 2012 08:58:30 UTC