W3C home > Mailing lists > Public > public-xg-webid@w3.org > December 2011

Re: PGP aside

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Thu, 29 Dec 2011 18:13:10 +0100
Message-ID: <CAKaEYhKXhKGp5gYipArgUJXK30M3bXiys44XT4437yumQOnoYw@mail.gmail.com>
To: Kingsley Idehen <kidehen@openlinksw.com>
Cc: public-xg-webid@w3.org
On 29 December 2011 17:48, Kingsley Idehen <kidehen@openlinksw.com> wrote:
> On 12/29/11 6:17 AM, Melvin Carvalho wrote:
>>
>> On 29 December 2011 10:31, Mo McRoberts<mo.mcroberts@bbc.co.uk>  wrote:
>>>
>>> A brief aside, which may or may not be of interest to WebID folk.
>>>
>>> I was reading through the OpenPGP spec last night, and noticed section
>>> 5.2.3.18 which describes the “Preferred Key Server” signature subpacket:
>>>
>>> “5.2.3.18.  Preferred Key Server
>>>
>>>
>>>   (String)
>>>
>>>   This is a URI of a key server that the key holder prefers be used for
>>>   updates.  Note that keys with multiple User IDs can have a preferred
>>>   key server for each User ID.  Note also that since this is a URI, the
>>>   key server can actually be a copy of the key retrieved by ftp, http,
>>>   finger, etc.”
>>>
>>> It strikes me that as the spec explicitly provides for serving up a
>>> static resource (rather than the target being the URI of an HKP or LDAP
>>> server), it could quite easily be an endpoint which performs content
>>> negotiation and returns a variety of formats, for example PGP key data *and*
>>> linked data (which might contain, for example, a WebID profile).
>>
>> Nice find.  I already do this using the wot: vocab.
>
>
> What do you do?

Basic steps

1. Generate GPG "key" with 100 year expiry

2. Use Bruno's GPG -> WebID converter to align my GPG and Webid together.

https://gist.github.com/1505613

3. Publish my GPG on a keyserver

4. Publish may exponent, modulus, fingerprint, asc, hex_id on my homepage

In this way I benefit from the full use of the relatively mature GPG
tool chain ( key signing, encyption, WOT, mail, ssh, git signing,
retroshare secure IM etc. ), but also from the emerging WebID
ecosystem too.

Perhaps one day the GPG and X.509/WebID semantics will align, I am not
sure.  But right now I try and make it as easy as possible to interact
with as many tools as possible.

>
> Mo:
> This is indeed an intriguing find .
>
> Kingsley
>
>>
>>> M.
>>>
>>> --
>>> Mo McRoberts - Technical Lead - The Space,
>>> 0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
>>> Project Office: Room 7083, BBC Television Centre, London W12 7RJ
>>>
>>>
>>>
>>> http://www.bbc.co.uk/
>>> This e-mail (and any attachments) is confidential and may contain
>>> personal views which are not the views of the BBC unless specifically
>>> stated.
>>> If you have received it in error, please delete it from your system.
>>> Do not use, copy or disclose the information in any way nor act in
>>> reliance on it and notify the sender immediately.
>>> Please note that the BBC monitors e-mails sent or received.
>>> Further communication will signify your consent to this.
>>>
>>>
>>
>
>
> --
>
> Regards,
>
> Kingsley Idehen
> Founder&  CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>
>
>
>
>
>
Received on Thursday, 29 December 2011 17:13:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 29 December 2011 17:13:48 GMT