W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: self-signed

From: Mo McRoberts <mo.mcroberts@bbc.co.uk>
Date: Mon, 18 Apr 2011 10:36:25 +0100
Cc: "peter williams" <home_pw@msn.com>, <public-xg-webid@w3.org>
Message-Id: <06F15CEA-7689-4A81-97CC-43AEA8E6BA07@bbc.co.uk>
To: "Henry Story" <henry.story@bblfish.net>

On 18 Apr 2011, at 10:27, Henry Story wrote:

> It is true that we need to think more carefully about the relation between the claims made in the certificate and the authentication.

[snip for brevity]
> 
> So in short a CA based statement is one anchor in the web of trust. The WebID based one another. Combining them increases trust. Even for self signed certificates.

Excellent summary, Henry — I'm with you on pretty much every point.

As an adjunct: I'm envisaging systems built on/leveraging WebID which may well take advantage of other facets of X509 which WebID itself doesn't necessarily care about — so I'm reticent to “throw the baby out with the bathwater”, as it were…

M.

-- 
Mo McRoberts - Data Analyst - Digital Public Space,
Zone 1.08, BBC Scotland, 40 Pacific Quay, Glasgow G51 1DA,
Room 7066, BBC Television Centre, London W12 7RJ,
0141 422 6036 (Internal: 01-26036) - PGP key 0x663E2B4A


http://www.bbc.co.uk/
This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in error, please delete it from your system.
Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately.
Please note that the BBC monitors e-mails sent or received.
Further communication will signify your consent to this.
					
Received on Monday, 18 April 2011 09:36:55 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC