W3C home > Mailing lists > Public > public-webid@w3.org > September 2012

Re: [dane] Call for Adoption: "Using Secure DNS to Associate Certificates with Domain Names For S/MIME"

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 25 Sep 2012 14:26:47 +0200
Cc: Warren Kumari <warren@kumari.net>, "public-webid@w3.org" <public-webid@w3.org>, IETF DANE WG list <dane@ietf.org>
Message-Id: <4C6DF6FB-434A-4893-A40A-3F013E012E30@bblfish.net>
To: Kingsley Idehen <kidehen@openlinksw.com>

On 25 Sep 2012, at 13:54, Kingsley Idehen <kidehen@openlinksw.com> wrote:

> On 9/25/12 3:21 AM, Henry Story wrote:
>> Ref: http://tools.ietf.org/html/draft-hoffman-dane-smime-04
>> 
>> On 21 Sep 2012, at 19:27, Warren Kumari <warren@kumari.net> wrote:
>> 
>>> On Sep 10, 2012, at 5:25 PM, Warren Kumari <warren@kumari.net> wrote:
>>> 
>>>> Dear WG,
>>>> 
>>>> This draft has already revived some comment (and has been revised to incorporate / address those),  so I'm assuming that there will be sufficient interest to adopt, but for the form of the thing:
>>>> 
>>>> This starts a call for adoption of draft-hoffman-dane-smime.
>>>> Please provide feedback as to if you would like this draft adopted by Sept 17th, 2012.
>>> We have discussed this, and see sufficient interest for adopting this draft -- would the authors please re-submit as draft-dane-?
>> 
>> On the whole, my view is that associating a public key to a user is better done by WebID http://webid.info/  ( see spec http://webid.info/spec/ ). Putting that information in the DNS misses out on a lot of other information you would like to have about a user, is difficult to read, write, and on the whole is very cumbersome. The reason for putting public keys of servers in the DNS is that servers tend not to change that much, their tend to not be that many services per domain, etc...
>> 
>> There are proposals of using the WebID public keys for MIME on the WebID community group.
>> 
>> Henry
>> 
>>> W
>>> 
>>>> W
>>>> 
>>>> -- 
>>>> Never criticize a man till you've walked a mile in his shoes.  Then if he didn't like what you've said, he's a mile away and barefoot.
>>>> 
>>>> 
>>>> 
>>> _______________________________________________
>>> dane mailing list
>>> dane@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dane
>> Social Web Architect
>> http://bblfish.net/
>> 
>> 
>> 
>> 
> 
> Henry,
> 
> S/MIME and WebID work together very well. That's something we've long implemented. Notice the certificate used to sign this mail :-)
> 
> To conclude, WebID is another option with finer granularity and more distributed control (no DNS admin access privileges required, just own a profile document) re., mail sender identity verification.

It may be interesting to know from the DANE working group, what they think would need to be done to make the application of WebID to S/MIME something more widely known about. Currently the WebID spec ( http://webid.info/spec ) illustrates how one can use a WebID in a client certificate to authenticate with TLS on any server. Perhaps the WebID working group should put some documents forward on how this can be used for S/MIME? Or perhaps an RFC would be more useful for that?
I don't think we have any formal document on that yet.

  Henry


> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen	
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> 
> 
> 
> 
> 

Social Web Architect
http://bblfish.net/
Received on Tuesday, 25 September 2012 12:28:53 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 31 March 2013 14:40:59 UTC