W3C home > Mailing lists > Public > public-webid@w3.org > September 2012

Re: [dane] Call for Adoption: "Using Secure DNS to Associate Certificates with Domain Names For S/MIME"

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Tue, 25 Sep 2012 07:54:09 -0400
Message-ID: <50619B61.3060206@openlinksw.com>
To: Henry Story <henry.story@bblfish.net>
CC: Warren Kumari <warren@kumari.net>, "public-webid@w3.org" <public-webid@w3.org>, IETF DANE WG list <dane@ietf.org>
On 9/25/12 3:21 AM, Henry Story wrote:
> Ref: http://tools.ietf.org/html/draft-hoffman-dane-smime-04
> On 21 Sep 2012, at 19:27, Warren Kumari <warren@kumari.net> wrote:
>> On Sep 10, 2012, at 5:25 PM, Warren Kumari <warren@kumari.net> wrote:
>>> Dear WG,
>>> This draft has already revived some comment (and has been revised to incorporate / address those),  so I'm assuming that there will be sufficient interest to adopt, but for the form of the thing:
>>> This starts a call for adoption of draft-hoffman-dane-smime.
>>> Please provide feedback as to if you would like this draft adopted by Sept 17th, 2012.
>> We have discussed this, and see sufficient interest for adopting this draft -- would the authors please re-submit as draft-dane-?
> On the whole, my view is that associating a public key to a user is better done by WebID http://webid.info/  ( see spec http://webid.info/spec/ ). Putting that information in the DNS misses out on a lot of other information you would like to have about a user, is difficult to read, write, and on the whole is very cumbersome. The reason for putting public keys of servers in the DNS is that servers tend not to change that much, their tend to not be that many services per domain, etc...
> There are proposals of using the WebID public keys for MIME on the WebID community group.
> Henry
>> W
>>> W
>>> -- 
>>> Never criticize a man till you've walked a mile in his shoes.  Then if he didn't like what you've said, he's a mile away and barefoot.
>> _______________________________________________
>> dane mailing list
>> dane@ietf.org
>> https://www.ietf.org/mailman/listinfo/dane
> Social Web Architect
> http://bblfish.net/


S/MIME and WebID work together very well. That's something we've long 
implemented. Notice the certificate used to sign this mail :-)

To conclude, WebID is another option with finer granularity and more 
distributed control (no DNS admin access privileges required, just own a 
profile document) re., mail sender identity verification.



Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Tuesday, 25 September 2012 11:56:16 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:54:35 UTC