Re: PGP aside

From: Henry Story <henry.story@bblfish.net>
Date: Thu, 29 Dec 2011 13:17:50 +0100
Cc: Mo McRoberts <mo.mcroberts@bbc.co.uk>, WebID XG <public-xg-webid@w3.org>
Message-Id: <DDB2B3C8-1316-4F97-BABE-E5E49D1AB9BA@bblfish.net>
To: Melvin Carvalho <melvincarvalho@gmail.com>

On 29 Dec 2011, at 13:12, Melvin Carvalho wrote:

> On 29 December 2011 13:09, Henry Story <henry.story@bblfish.net> wrote:
>> 
>> On 29 Dec 2011, at 13:06, Melvin Carvalho wrote:
>> 
>>> On 29 December 2011 13:05, Henry Story <henry.story@bblfish.net> wrote:
>>>> 
>>>> On 29 Dec 2011, at 13:04, Melvin Carvalho wrote:
>>>> 
>>>>> On 29 December 2011 13:03, Henry Story <henry.story@bblfish.net> wrote:
>>>>>> 
>>>>>> On 29 Dec 2011, at 12:17, Melvin Carvalho wrote:
>>>>>> 
>>>>>>> On 29 December 2011 10:31, Mo McRoberts <mo.mcroberts@bbc.co.uk> wrote:
>>>>>>>> A brief aside, which may or may not be of interest to WebID folk.
>>>>>>>> 
>>>>>>>> I was reading through the OpenPGP spec last night, and noticed section 5.2.3.18 which describes the “Preferred Key Server” signature subpacket:
>>>>>>>> 
>>>>>>>> “5.2.3.18.  Preferred Key Server
>>>>>>>> 
>>>>>>>> 
>>>>>>>>   (String)
>>>>>>>> 
>>>>>>>>   This is a URI of a key server that the key holder prefers be used for
>>>>>>>>   updates.  Note that keys with multiple User IDs can have a preferred
>>>>>>>>   key server for each User ID.  Note also that since this is a URI, the
>>>>>>>>   key server can actually be a copy of the key retrieved by ftp, http,
>>>>>>>>   finger, etc.”
>>>>>>>> 
>>>>>>>> It strikes me that as the spec explicitly provides for serving up a static resource (rather than the target being the URI of an HKP or LDAP server), it could quite easily be an endpoint which performs content negotiation and returns a variety of formats, for example PGP key data *and* linked data (which might contain, for example, a WebID profile).
>>>>>>> 
>>>>>> 
>>>>>> yes, very cool. I have been wondering about this for a long time.
>>>>>> 
>>>>>>> Nice find.  I already do this using the wot: vocab.
>>>>>> 
>>>>>> You could do this with the cert ontology too no? What is missing?
>>>>> 
>>>>> fingerprint?
>>>> 
>>>> Can you be more specific?
>>> 
>>> http://xmlns.com/wot/0.1/#term_fingerprint
>> 
>> Ok, my mistake. That was not the full question.
>> Can you give a description of what you do, and why the fingerprint is important.
> 
> I describe my PGP key according to the wot vocab using the terms:
> 
> fingerprint
> hex_id
> pubkeyAddress
> 
> If there's any better way to semantically describe my key, or I can
> use the cert ontology, would love to know.

Well, all a PGP key is is, as with X509, a relation between a user and a public key
the user knows the private key of.
Mathematically the key is key, so to speak.
All the rest is just serialisation formats.

So why not describe the user's relation to his public key as we are doing now?
Say there were a way to put a WebID in the PGP key, then you could say

:me cert:key [ cert:modulus "..."; cert:exponent "..." ] .

in the RDF serialisation of the PGP key.

What is missing there?

Henry


> 
>> 
>> Another question with PGP: Is there something like a Subject Alternative Name in PGP? How does PGP identify the user? What other ways of identifying a user do they have?
>> 
>> Henry
>> 
>>> 
>>>> 
>>>> Henry
>>>> 
>>>>> 
>>>>>> 
>>>>>> Henry
>>>>>> 
>>>>>>> 
>>>>>>>> 
>>>>>>>> M.
>>>>>>>> 
>>>>>>>> --
>>>>>>>> Mo McRoberts - Technical Lead - The Space,
>>>>>>>> 0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
>>>>>>>> Project Office: Room 7083, BBC Television Centre, London W12 7RJ
>>>>>>>> 
>>>>>>>> 
>>>>>>> 
>>>>>> 
>>>>>> Social Web Architect
>>>>>> http://bblfish.net/
>>>>>> 
>>>> 
>>>> Social Web Architect
>>>> http://bblfish.net/
>>>> 
>> 
>> Social Web Architect
>> http://bblfish.net/
>> 

Social Web Architect
http://bblfish.net/
Received on Thursday, 29 December 2011 12:18:23 GMT
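
One way to produce the RDF description discussed in this thread from an OpenPGP RSA public-key packet, as an added example that is not code from any participant or from the WebID group. The sample packet body is constructed (a toy key), and placing the cert: terms and the wot: terms Melvin lists on one node is an assumption of this example.

```python
import hashlib
import struct

# Constructed sample: body of a v4 public-key packet with a toy RSA key
# (n = 3233, e = 65537). Far too small for real use; illustration only.
SAMPLE_BODY = (bytes([4]) + struct.pack(">I", 1325161070) + bytes([1])
               + bytes.fromhex("000C0CA1") + bytes.fromhex("0011010001"))

def read_mpi(buf, off):
    """Read an OpenPGP MPI: 2-byte big-endian bit count, then the magnitude."""
    if off + 2 > len(buf):
        raise ValueError("truncated MPI header")
    (bits,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI")
    return int.from_bytes(buf[off + 2:end], "big"), end

def parse_rsa_pubkey_body(body):
    """Return (modulus, exponent) from a version 4 RSA public-key packet body."""
    if len(body) < 6 or body[0] != 4:
        raise ValueError("only version 4 key packets are handled")
    if body[5] not in (1, 2, 3):  # RSA algorithm identifiers in RFC 4880
        raise ValueError("not an RSA key")
    n, off = read_mpi(body, 6)
    e, off = read_mpi(body, off)
    if off != len(body):
        raise ValueError("trailing bytes after RSA parameters")
    return n, e

def v4_fingerprint(body):
    """V4 fingerprint: SHA-1 over 0x99, 2-byte body length, packet body."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()

def to_turtle(body, subject="<#me>"):
    """Describe one key with cert: terms plus the wot: terms from the thread."""
    n, e = parse_rsa_pubkey_body(body)
    fpr = v4_fingerprint(body)
    width = (n.bit_length() + 7) // 8 * 2  # xsd:hexBinary needs whole octets
    return "\n".join([
        "@prefix cert: <http://www.w3.org/ns/auth/cert#> .",
        "@prefix wot: <http://xmlns.com/wot/0.1/> .",
        "@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .",
        f"{subject} cert:key [ a cert:RSAPublicKey, wot:PubKey ;",
        f'    cert:modulus "{n:0{width}X}"^^xsd:hexBinary ;',
        f"    cert:exponent {e} ;",
        f'    wot:fingerprint "{fpr}" ; wot:hex_id "{fpr[-8:]}" ] .',
    ])
```

Calling `print(to_turtle(SAMPLE_BODY))` shows the resulting Turtle; the fingerprint is derived from the same packet bytes as the modulus and exponent, so a consumer can check that both descriptions refer to one key.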