RE: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] from Peter Williams on 2011-02-02 (public-xg-webid@w3.org from February 2011)

From: Peter Williams <home_pw@msn.com>
Date: Wed, 2 Feb 2011 00:49:36 -0800
To: <henry.story@bblfish.net>
CC: <public-xg-webid@w3.org>
Message-ID: <SNT143-w323F034B012FA8A44CB4B892E40@phx.gbl>

I think I willing to listen and learn that PGP fingerprints have something to teach us. But, I want to hear a W3C-type argument, not PGP religion or MIT/PGP dogma. I really liked hearing how the old WOT ontology was conceived, being refreshing in its thinking about structures, etc.

I dont know what I mean by a W3c-type argument! But, it has to be something webby - and that may have something to do with peer trust, or scale, or "appropriate" integration, or something about voip, video codecs or disk encryption relevancies....that folks now view as "webiness" - going beyond mere hypermedia or data sources in RDF.

http://yorkporc.wordpress.com/2011/01/30/httpwww-w3-org200203key-free-trust/
http://datatracker.ietf.org/doc/draft-mavrogiannopoulos-rfc5081bis/?include_text=1

Ive got no interest in swapping one awful syntax for another though. If there are to be syntax-related rationales on certs, it has to be about "handling" legacy and "doing the right thing" at APIs or other extensibility points.

I dont understand the PGP community at all (Im stuck in the PGP/PEM era on PGP). But Im willing to learn. The IETF I-D at least cleary shows how easy it is to define a new cert-type for the SSL handshake. The reagle paper made some sense to me, by articulating that one might focus on trustworthy statement in logic (not just secure protocols).

My same openness goes for the SRP scheme. Once again, the issue for me is really about webbiness. How does doing binary handshakes, before HTTP takes over, play into W3C community thinking? (It used to be an anathema.) What do folks want to do in relation to the webauth headers?

I do think its improtant that we dont do what IETF does, in security area directorate. We should complement it, bringing W3C methods and process that is webby (not that I really know what I mean by any of this, being a total outsider).

Should probably not stray too far from the terms of the charter, though.

> From: henry.story@bblfish.net
> Date: Tue, 1 Feb 2011 23:43:42 +0100
> CC: public-xg-webid@w3.org
> To: henry.story@bblfish.net
> Subject: Re: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec]
> 
> 
> On 1 Feb 2011, at 18:37, Henry Story wrote:
> 
> > 
> > On 1 Feb 2011, at 11:18, WebID Incubator Group Issue Tracker wrote:
> > 
> > Just to give you an idea on how much support this has, in the book "SSL and TLS: Theory and Practice" a book recommended to us by Peter Williams, Rolf Oppliger the author, after a nice chapter on PGP write "Because it is not relevant to SSL/TLS, we don't delve deeper into this topic"
> 
> My mistake here there are a few pages more on this under the "Certificate Types" chapter on p159 .
> 
> Henry

Received on Wednesday, 2 February 2011 08:50:09 UTC