W3C home > Mailing lists > Public > public-xg-webid@w3.org > December 2011

RE: PGP aside

From: Peter Williams <home_pw@msn.com>
Date: Thu, 29 Dec 2011 09:40:31 -0800
Message-ID: <SNT143-W5436D42C1D5FBFD56B4FDB92AD0@phx.gbl>
To: <melvincarvalho@gmail.com>, <kidehen@openlinksw.com>
CC: "public-xg-webid@w3.org" <public-xg-webid@w3.org>


 I dont see the point. I just see two different embodiments of all the same design principles (location, naming, addressing, resolving, formating...). There is NO difference (despite huge threads claiming the contrary for PGP). Ive yet to really see any difference in the logic foundations of webid/semweb, contrasting with X.509/PGP theory. Its cute that folks use de-referencing (and folks think like a compiler writer). But, its not how mom and pop think, while trying to quiet the screaming 2 year old ... in a panic because his PGP key icon on his iPad has suddenly turned red. Now, what matters is that folks KEEP *wanting*  to link up to a PGP key. Its spirit as a branded movement prevails, and evil other technologies are less welcome (even if more useful). it was fun working with the PGP Corp folks, when I was at VeriSign. Beware what you believe in, as consumer. Someone probably seeks to profit from you, and it may have nothing to do with the cash you pay. The same goes for semweb folks, since DARPA funded most of the original data mining rationale, for the technology we are using here. UK probably pays a US firm to perform such data mining on its behalf (its illegal for the UK to do it, but not consume when someone else does what is illegal to do locally, since the laws were "carefully" framed to only APPEAR to offer public assurance). Now, before Henry rants about me being some kind of nut or paranoid, Ill remark that while I critize the US a lot, US folks in higher crypto circles trusted me personally (as a damn untrustworthy, red-starred foreigner) in ways that equivalent folks in the UK never did. I thus reciprocate that favor (by focussing on ensuring US folks generally get to make new markets with crypto and develop new opportunities  - a philosophy which seems to please the way US folks think about their core human value as a society). For therein lies the same basis of trust as PGP finds. Its consumable, and its workable. I want to (and therefore I do).   > Date: Thu, 29 Dec 2011 18:13:10 +0100
> From: melvincarvalho@gmail.com
> To: kidehen@openlinksw.com
> CC: public-xg-webid@w3.org
> Subject: Re: PGP aside
> 
> On 29 December 2011 17:48, Kingsley Idehen <kidehen@openlinksw.com> wrote:
> > On 12/29/11 6:17 AM, Melvin Carvalho wrote:
> >>
> >> On 29 December 2011 10:31, Mo McRoberts<mo.mcroberts@bbc.co.uk>  wrote:
> >>>
> >>> A brief aside, which may or may not be of interest to WebID folk.
> >>>
> >>> I was reading through the OpenPGP spec last night, and noticed section
> >>> 5.2.3.18 which describes the “Preferred Key Server” signature subpacket:
> >>>
> >>> “5.2.3.18.  Preferred Key Server
> >>>
> >>>
> >>>   (String)
> >>>
> >>>   This is a URI of a key server that the key holder prefers be used for
> >>>   updates.  Note that keys with multiple User IDs can have a preferred
> >>>   key server for each User ID.  Note also that since this is a URI, the
> >>>   key server can actually be a copy of the key retrieved by ftp, http,
> >>>   finger, etc.”
> >>>
> >>> It strikes me that as the spec explicitly provides for serving up a
> >>> static resource (rather than the target being the URI of an HKP or LDAP
> >>> server), it could quite easily be an endpoint which performs content
> >>> negotiation and returns a variety of formats, for example PGP key data *and*
> >>> linked data (which might contain, for example, a WebID profile).
> >>
> >> Nice find.  I already do this using the wot: vocab.
> >
> >
> > What do you do?
> 
> Basic steps
> 
> 1. Generate GPG "key" with 100 year expiry
> 
> 2. Use Bruno's GPG -> WebID converter to align my GPG and Webid together.
> 
> https://gist.github.com/1505613
> 
> 3. Publish my GPG on a keyserver
> 
> 4. Publish may exponent, modulus, fingerprint, asc, hex_id on my homepage
> 
> In this way I benefit from the full use of the relatively mature GPG
> tool chain ( key signing, encyption, WOT, mail, ssh, git signing,
> retroshare secure IM etc. ), but also from the emerging WebID
> ecosystem too.
> 
> Perhaps one day the GPG and X.509/WebID semantics will align, I am not
> sure.  But right now I try and make it as easy as possible to interact
> with as many tools as possible.
> 
> >
> > Mo:
> > This is indeed an intriguing find .
> >
> > Kingsley
> >
> >>
> >>> M.
> >>>
> >>> --
> >>> Mo McRoberts - Technical Lead - The Space,
> >>> 0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
> >>> Project Office: Room 7083, BBC Television Centre, London W12 7RJ
> >>>
> >>>
> >>>
> >>> http://www.bbc.co.uk/
> >>> This e-mail (and any attachments) is confidential and may contain
> >>> personal views which are not the views of the BBC unless specifically
> >>> stated.
> >>> If you have received it in error, please delete it from your system.
> >>> Do not use, copy or disclose the information in any way nor act in
> >>> reliance on it and notify the sender immediately.
> >>> Please note that the BBC monitors e-mails sent or received.
> >>> Further communication will signify your consent to this.
> >>>
> >>>
> >>
> >
> >
> > --
> >
> > Regards,
> >
> > Kingsley Idehen
> > Founder&  CEO
> > OpenLink Software
> > Company Web: http://www.openlinksw.com
> > Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> > Twitter/Identi.ca handle: @kidehen
> > Google+ Profile: https://plus.google.com/112399767740508618350/about
> > LinkedIn Profile: http://www.linkedin.com/in/kidehen
> >
> >
> >
> >
> >
> >
> 
 		 	   		  
Received on Thursday, 29 December 2011 17:41:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 29 December 2011 17:41:02 GMT