W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

WebID-ISSUE-54 (bblfish): relation between X509 certificates and WebID [WebID Spec]

From: WebID Incubator Group Issue Tracker <sysbot+tracker@w3.org>
Date: Mon, 18 Apr 2011 13:43:08 +0000
To: public-xg-webid@w3.org
Message-Id: <E1QBojM-0000nX-6c@lowblow.w3.org>

WebID-ISSUE-54 (bblfish): relation between X509 certificates and WebID [WebID Spec]

http://www.w3.org/2005/Incubator/webid/track/issues/54

Raised by: Henry Story
On product: WebID Spec

Does WebId authentication come in addition to X509 Certificates? How do the two interact? Can one have self signed certificates?

A long thread on this entitled "self-signed" covered this in detail.  It started with a request to understand why a particular self signed certificate failed.

  http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0186.html

It turned out this was due to Apache by default not letting certificates through with extensions marked critical

  http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0217.html

Though this can be turned off by recompiling apache as explained in

  http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0207.html

This lead to the question of how X509 certificates relate to WebID:

 - Peter Williams explores this where he raises the questions
    http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0253.html
 - Henry Story argues they are orthogonal and complimentary
    http://lists.w3.org/Archives/Public/public-xg-webid/2011Apr/0266.html

A discussion on this issue of self signed certificates also is going on on the Dane list of which a recent message "5280 and self-signed ee certs" 
http://www.ietf.org/mail-archive/web/dane/current/msg02452.html 

The W3C mentions self-signed certs in the section "Self-signed Certificates and Untrusted Root Certificates" in the "Web Security Context: User Interface Guidelines"

  http://www.w3.org/TR/wsc-ui/#selfsignedcerts

Language may be needed to be added to the spec to digest this.
Received on Monday, 18 April 2011 13:43:12 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC